blaze822: safe_append: fixes for various border cases

This fixes dstmax == dstlen and when src is completely full. Found by duncaen with afl.
5 years ago · 3f2c714b42
parent f8fa6a1e0e
commit 3f2c714b42
1 changed files with 5 additions and 2 deletions
--- a/blaze822.c
+++ b/blaze822.c
@ -155,9 +155,12 @@ static size_t
 safe_append(char *dst, size_t dstmax, char *srcbeg, char *srcend)
 {
 	size_t srclen = srcend - srcbeg;
-	size_t dstlen = strlen(dst);
+	size_t dstlen = strnlen(dst, dstmax);

-	if (dstmax - dstlen - 1 < srclen)
+	if (dstlen == dstmax)
+		return 0;
+
+	if (dstmax - dstlen < srclen + 1)
 		srclen = dstmax - dstlen - 1;
 	memcpy(dst + dstlen, srcbeg, srclen);
 	dst[dstlen + srclen] = 0;