fix wildcard matching (#650)

2 files changed, 11 insertions, 0 deletions

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 270e1f919..4691a9167 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,6 @@
 ##
 - Improvement: Sentry is now disabled by default when building locally, to avoid uploading crashes due to local changes. CI builds still enable it just like before
+- Bugfix: Wildcard matching could cause out of bound read error
 
 ## 5.7.9
 - Include all changes from 5.7.7
diff --git a/src/zenutil/wildcard.cpp b/src/zenutil/wildcard.cpp
index df69f6a5e..d9d5b384f 100644
--- a/src/zenutil/wildcard.cpp
+++ b/src/zenutil/wildcard.cpp
@@ -43,11 +43,16 @@ MatchWildcard(std::string_view::const_iterator WildcardIt,
 					return false;
 				}
 			default:
+				if (StringIt == StringEnd)
+				{
+					return false;
+				}
 				if (*StringIt != *WildcardIt)
 				{
 					return false;
 				}
 				++StringIt;
+				break;
 		}
 	}
 	return StringIt == StringEnd;
@@ -106,6 +111,11 @@ TEST_CASE("Wildcard")
 	CHECK(!MatchWildcard("*/?ormal.TXT", "hey/normal.txt", true));
 	CHECK(!MatchWildcard("*/?ORMAL.*", "hey/normal.txt", true));
 	CHECK(!MatchWildcard("*/?ormal", "hey/normaL", true));
+
+	CHECK(MatchWildcard("*.dll", "dir/path.dll", true));
+	CHECK(!MatchWildcard("*.dll", "dir/path.d", true));
+	CHECK(!MatchWildcard("*.d", "dir/path.dll", true));
+	CHECK(MatchWildcard("*.d", "dir/path.d", true));
 }
 
 #endif