From 44b8c1f535de65da1d6d0d6fff5c264b4ec49523 Mon Sep 17 00:00:00 2001
From: Paulo
Date: Wed, 7 Jul 2021 00:30:05 -0300
Subject: [PATCH 1/3] Avoid copying null in concat, unused + breaks views
---
 cores/esp8266/WString.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cores/esp8266/WString.cpp b/cores/esp8266/WString.cpp
index d833509a11..6e6dc94beb 100644
--- a/cores/esp8266/WString.cpp
+++ b/cores/esp8266/WString.cpp
@@ -305,7 +305,7 @@ bool String::concat(const char *cstr, unsigned int length) {
 return true;
 if (!reserve(newlen))
 return false;
- memmove_P(wbuffer() + len(), cstr, length + 1);
+ memmove_P(wbuffer() + len(), cstr, length);
 setLen(newlen);
 wbuffer()[newlen] = 0;
 return true;
From f6a4cd119070bef62c64f892feda523cce87c68c Mon Sep 17 00:00:00 2001
From: Paulo
Date: Thu, 8 Jul 2021 17:16:28 -0300
Subject: [PATCH 2/3] Add concat OOB test case
---
 tests/host/core/test_string.cpp | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/tests/host/core/test_string.cpp b/tests/host/core/test_string.cpp
index 6193132706..7105fa28f3 100644
--- a/tests/host/core/test_string.cpp
+++ b/tests/host/core/test_string.cpp
@@ -594,3 +594,12 @@ TEST_CASE("String chaining", "[core][String]")
 REQUIRE(static_cast(result.c_str()) == static_cast(ptr));
 }
 }
+
+TEST_CASE("String concat OOB #8198", "[core][String]")
+{
+ char *p = (char*)malloc(16);
+ memset(p, 'x', 16);
+ String s = "abcd";
+ s.concat(p, 16);
+ REQUIRE(!strcmp(s.c_str(), "abcdxxxxxxxxxxxxxxxx"));
+}
From d0f6fcdea7fe62ee304db3599923a095a22d7899 Mon Sep 17 00:00:00 2001
From: Paulo
Date: Thu, 8 Jul 2021 17:34:09 -0300
Subject: [PATCH 3/3] Free memory in test
---
 tests/host/core/test_string.cpp | 1 +
 1 file changed, 1 insertion(+)
diff --git a/tests/host/core/test_string.cpp b/tests/host/core/test_string.cpp
index 7105fa28f3..cd844545d0 100644
--- a/tests/host/core/test_string.cpp
+++ b/tests/host/core/test_string.cpp
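Review bot: The `memmove_P` call in `String::concat(const char *, unsigned int)` now reads exactly `length` bytes, but nothing at the call records why the terminator is not copied, so a later cleanup could reintroduce the one-byte over-read of `cstr`. I would add a comment above it such as `// cstr may be an unterminated view: copy exactly length bytes; the terminator is written below`. The start of the function, including how `newlen` is computed, lies outside this hunk. If it is an unchecked unsigned `len() + length`, a wrapped sum could let `reserve(newlen)` succeed with a buffer smaller than the copy, which is worth confirming separately.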
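Review bot: The `REQUIRE` in the new `String concat OOB #8198` case compares only the resulting contents, which the pre-fix code would presumably also have produced, because `wbuffer()[newlen] = 0` overwrites whatever extra byte was copied. The over-read of `p[16]` is therefore only detectable when the host tests run under a memory checker such as valgrind or AddressSanitizer, so as a plain run this case would not catch a regression. The test should state that dependency, for example `// p is deliberately not NUL-terminated; reading p[16] is caught only under a memory checker`.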
@@ -602,4 +602,5 @@ TEST_CASE("String concat OOB #8198", "[core][String]")
 String s = "abcd";
 s.concat(p, 16);
 REQUIRE(!strcmp(s.c_str(), "abcdxxxxxxxxxxxxxxxx"));
+ free(p);
 }
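Review bot: `free(p)` sits after the `REQUIRE`, so with Catch-style macros a failing assertion would leave the test case before the buffer is released, and a memory checker would then report a leak alongside the real failure. Since `concat` has already copied the bytes into `s`, the release can move up: `s.concat(p, 16);` then `free(p);` then the `REQUIRE`. The test body starts outside this hunk (the `malloc` and `memset` lines are not shown here).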