From 3f2c714b4268e78bccb4fb3aaa2a77b3f0568744 Mon Sep 17 00:00:00 2001
From: Leah Neukirchen
Date: Wed, 27 Feb 2019 22:40:13 +0100
Subject: blaze822: safe_append: fixes for various border cases

This fixes dstmax == dstlen and when src is completely full.

Found by duncaen with afl.
---
 blaze822.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'blaze822.c')

diff --git a/blaze822.c b/blaze822.c
index 47710a3..2dfd79b 100644
--- a/blaze822.c
+++ b/blaze822.c
@@ -155,9 +155,12 @@ static size_t
 safe_append(char *dst, size_t dstmax, char *srcbeg, char *srcend)
 {
 size_t srclen = srcend - srcbeg;
- size_t dstlen = strlen(dst);
+ size_t dstlen = strnlen(dst, dstmax);
 
- if (dstmax - dstlen - 1 < srclen)
+ if (dstlen == dstmax)
+ return 0;
+
+ if (dstmax - dstlen < srclen + 1)
 srclen = dstmax - dstlen - 1;
 memcpy(dst + dstlen, srcbeg, srclen);
 dst[dstlen + srclen] = 0;
-- 
cgit 1.4.1
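Review bot: The new truncation test `if (dstmax - dstlen < srclen + 1)` still computes `srclen + 1`, which wraps to 0 when `srclen` is `SIZE_MAX` (what `srcend - srcbeg` yields if `srcend` ever precedes `srcbeg`), and a wrapped value would make the check pass and then `dstmax - dstlen - 1` would set `srclen` to the whole remaining buffer — harmless here, but the `+ 1` is unnecessary. Rewriting it as `if (srclen >= dstmax - dstlen)` expresses the same bound (leaving room for the terminator) with no addition that can overflow, since `dstlen < dstmax` is guaranteed by the early return just above. The early return also leaves `dst` without a NUL inside `dstmax` when `strnlen` found none, so a caller that then treats `dst` as a C string still over-reads; whether that is acceptable depends on callers outside this hunk, so a contract comment above the function would help, e.g. `/* dst must be NUL-terminated within dstmax; returns 0 and leaves dst untouched when it is not. Appends [srcbeg,srcend), truncating to keep dst terminated. */`. The end of safe_append, including its return value, is outside this hunk.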