# HG changeset patch
# User Mike Becker
# Date 1664902520 -7200
# Node ID 02a56701a5cb774e9e9a26ef0643e01d6ae74115
# Parent c290f8fd979e2120996530ae1d8bcf793ef632db
fix missing zero-termination in strreplace
diff -r c290f8fd979e -r 02a56701a5cb src/string.c
--- a/src/string.c Tue Oct 04 18:49:14 2022 +0200
+++ b/src/string.c Tue Oct 04 18:55:20 2022 +0200
@@ -550,8 +550,8 @@
 struct cx_strreplace_ibuf {
 size_t *buf;
- unsigned int len; /* small indices */
 struct cx_strreplace_ibuf *next;
+ unsigned int len;
 };
 static void cx_strrepl_free_ibuf(struct cx_strreplace_ibuf *buf) {
@@ -637,7 +637,7 @@
 curbuf = curbuf->next;
 } while (curbuf);
 result.length = str.length + rcount * adjlen;
- result.ptr = cxMalloc(allocator, result.length);
+ result.ptr = cxMalloc(allocator, result.length + 1);
 if (!result.ptr) {
 cx_strrepl_free_ibuf(firstbuf);
 return cx_mutstrn(NULL, 0);
@@ -668,6 +668,9 @@
 } while (curbuf);
 memcpy(destptr, str.ptr + srcidx, str.length - srcidx);
+ /* Result is guaranteed to be zero-terminated */
+ result.ptr[result.length] = '\0';
+
 /* Free index buffer */
 cx_strrepl_free_ibuf(firstbuf);
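Review bot: The new allocation size `result.length + 1` in the second hunk is computed without an overflow check, on top of `str.length + rcount * adjlen`, which the context line also leaves unchecked. If that sum reaches SIZE_MAX, the `+ 1` wraps to zero, and the copy loop and the terminator write added in the third hunk would then run past whatever cxMalloc returns. The declarations of rcount and adjlen are outside the hunk, so whether the product itself can wrap is not visible here and should be confirmed. A guard ahead of the allocation that reuses the existing failure path would close the visible case: `if (result.length == SIZE_MAX) { cx_strrepl_free_ibuf(firstbuf); return cx_mutstrn(NULL, 0); }`. The function body starts and ends outside this hunk.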
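Review bot: The zero-termination guarantee added in the third hunk is stated only by the inline comment above `result.ptr[result.length] = '\0';`, not in the function's documented contract. The terminator sits one byte past the reported length, so callers passing the result to C string functions rely on it, while code that copies exactly `result.length` bytes drops it without notice. The function's documentation comment, which is outside this hunk, should say something like `The returned string is zero-terminated; the terminator is not counted in length.` Any return path earlier in the function is not visible here and should be checked for the same guarantee.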