2022-10-04
fix missing zero-termination in strreplace
src/string.c | file | annotate | diff | comparison | revisions |
--- a/src/string.c Tue Oct 04 18:49:14 2022 +0200 +++ b/src/string.c Tue Oct 04 18:55:20 2022 +0200 @@ -550,8 +550,8 @@ struct cx_strreplace_ibuf { size_t *buf; - unsigned int len; /* small indices */ struct cx_strreplace_ibuf *next; + unsigned int len; }; static void cx_strrepl_free_ibuf(struct cx_strreplace_ibuf *buf) { @@ -637,7 +637,7 @@ curbuf = curbuf->next; } while (curbuf); result.length = str.length + rcount * adjlen; - result.ptr = cxMalloc(allocator, result.length); + result.ptr = cxMalloc(allocator, result.length + 1); if (!result.ptr) { cx_strrepl_free_ibuf(firstbuf); return cx_mutstrn(NULL, 0); @@ -668,6 +668,9 @@ } while (curbuf); memcpy(destptr, str.ptr + srcidx, str.length - srcidx); + /* Result is guaranteed to be zero-terminated */ + result.ptr[result.length] = '\0'; + /* Free index buffer */ cx_strrepl_free_ibuf(firstbuf);