From 63687f832a105956e8e070306cc81d85b5f9945e Mon Sep 17 00:00:00 2001
From: Gary Buhrmaster <gary.buhrmaster@gmail.com>
Date: Tue, 28 May 2013 01:55:28 +0000
Subject: [PATCH] Fix use after free (realloc) in ParseText.cpp

Static analysis detected a use after free (realloc).  The
member variable should use the new string address, and it
is assigned the new string address after the usage.  This
looks to be a copy/paste error sometime in the past.  In
addition, follow the stated convention and null terminate
the string, just in case.
(cherry picked from commit df4aef6acf73e31f6399ce4c30c2d508e26c72a1)

Signed-off-by: Stuart Morgan <smorgan@mythtv.org>

Fixes #11556
---
 mythtv/libs/libmythfreemheg/ParseText.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/mythtv/libs/libmythfreemheg/ParseText.cpp b/mythtv/libs/libmythfreemheg/ParseText.cpp
index feba0472aef..5ae340830cd 100644
--- a/mythtv/libs/libmythfreemheg/ParseText.cpp
+++ b/mythtv/libs/libmythfreemheg/ParseText.cpp
@@ -800,12 +800,13 @@ void MHParseText::NextSym()
                             Error("Insufficient memory");
                         }
 
+                        m_String = str;
                         m_String[0] = colourTable[i].r;
                         m_String[1] = colourTable[i].g;
                         m_String[2] = colourTable[i].b;
                         m_String[3] = colourTable[i].t;
-                        m_String = str;
                         m_nStringLength = 4;
+                        m_String[m_nStringLength] = 0;
                         return;
                     }
                 }