authorLeah Neukirchen <leah@vuxu.org>2019-02-27 22:40:13 +0100
committerLeah Neukirchen <leah@vuxu.org>2019-02-27 22:40:13 +0100
commit3f2c714b4268e78bccb4fb3aaa2a77b3f0568744 (patch)
tree785f20aa8ab5266de27a3b504f5d82ce92859abb
parentf8fa6a1e0e0dbd115544cd8e8716e7221ac1f3cb (diff)
downloadmblaze-3f2c714b4268e78bccb4fb3aaa2a77b3f0568744.tar.gz
mblaze-3f2c714b4268e78bccb4fb3aaa2a77b3f0568744.tar.xz
mblaze-3f2c714b4268e78bccb4fb3aaa2a77b3f0568744.zip
blaze822: safe_append: fixes for various border cases
This fixes dstmax == dstlen and when src is completely full.

Found by duncaen with afl.
-rw-r--r--blaze822.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/blaze822.c b/blaze822.c
index 47710a3..2dfd79b 100644
--- a/blaze822.c
+++ b/blaze822.c
@@ -155,9 +155,12 @@ static size_t
 safe_append(char *dst, size_t dstmax, char *srcbeg, char *srcend)
 {
 	size_t srclen = srcend - srcbeg;
-	size_t dstlen = strlen(dst);
+	size_t dstlen = strnlen(dst, dstmax);
 
-	if (dstmax - dstlen - 1 < srclen)
+	if (dstlen == dstmax)
+		return 0;
+
+	if (dstmax - dstlen < srclen + 1)
 		srclen = dstmax - dstlen - 1;
 	memcpy(dst + dstlen, srcbeg, srclen);
 	dst[dstlen + srclen] = 0;
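Review bot: The new bound test `dstmax - dstlen < srclen + 1` can wrap: if `srcend` is ever one byte before `srcbeg`, `srclen` is `SIZE_MAX`, `srclen + 1` becomes 0, the clamp is skipped and `memcpy` runs with a huge length. After the `dstlen == dstmax` early return, `dstmax - dstlen - 1` can no longer underflow, so the comparison can be written without the addition as `if (srclen > dstmax - dstlen - 1)`. Whether any caller can pass an inverted range is not visible here, but a guard such as `if (srcend < srcbeg) return 0;` before computing `srclen` would make the function safe on its own, since clamping alone would still read past the source. It would also help to add a comment above `safe_append` stating that `dstmax` is the full buffer size including the terminator and that a return of 0 can mean "dst was not NUL-terminated within dstmax", because callers cannot otherwise tell that from an empty append. The function's tail (its return statement) lies outside this hunk.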