数值下标越界Crash

[wjwever]

hello，遇到nlsCppSdk/utils/text_utils.cpp securityDisposalForLog 函数一处指针越界crash

const char *TextUtils::securityDisposalForLog(char *buf_in,
                                              std::string *buf_str,
                                              std::string key,
                                              unsigned int step, char c) {
  unsigned int buf_in_size = strlen(buf_in);
  if (buf_in_size > 0) {
    char *buf_out = new char[buf_in_size + 1];
    if (buf_out) {
      std::string tmp_str(buf_in);
      std::string find_key = key; /* Sec-WebSocket-Key: or X-NLS-Token: */
      int pos2 = tmp_str.find(find_key);
      memset(buf_out, 0, buf_in_size + 1);
      strncpy(buf_out, buf_in, buf_in_size);

      if (pos2 >= 0) {
        int pos1 = 0;
        int begin = pos2 + find_key.length() + 1;
        // 下面的for 循环判定条件中，pos1 必须要小于buf_in_size，否则越界，crash。。。。
        for (pos1 = begin; pos1 < begin + step; pos1++) {
          buf_out[pos1] = c;
        }
      }

      buf_str->assign(buf_out);
      delete[] buf_out;
    }
  }
  return buf_str->c_str();
}

coommit id ：4390402210e52bb61297d9a88261fbe89dd3f91a