diff options
author | Pablo Barciela <[email protected]> | 2019-03-10 16:07:23 +0100 |
---|---|---|
committer | ZenWalker <[email protected]> | 2019-04-03 11:24:23 +0200 |
commit | d98150680d446e641b5c9ba285b51e5ece45703b (patch) | |
tree | f251ef7e4db1ed19e6dd216e094330b269f84c8b | |
parent | 312394dfa42c07a3afa5089c6e3e5b9a1c1001ae (diff) | |
download | caja-d98150680d446e641b5c9ba285b51e5ece45703b.tar.bz2 caja-d98150680d446e641b5c9ba285b51e5ece45703b.tar.xz |
eel-string: Fix: 'memcpy' overflows destination buffer
Fixes Clang static analyzer warning:
eel-string.c:319:13: warning: Memory copy function overflows destination buffer
memcpy (result_position, p, remaining_length);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-rw-r--r-- | eel/eel-string.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/eel/eel-string.c b/eel/eel-string.c index c71aadb7..4521d157 100644 --- a/eel/eel-string.c +++ b/eel/eel-string.c @@ -308,7 +308,8 @@ eel_str_replace_substring (const char *string, { break; } - result_length += replacement_length - substring_length; + if (replacement_length > substring_length) + result_length += replacement_length - substring_length; } result = g_malloc (result_length + 1); @@ -329,7 +330,7 @@ eel_str_replace_substring (const char *string, memcpy (result_position, replacement, replacement_length); result_position += replacement_length; } - g_assert (result_position - result == result_length); + result_position[0] = '\0'; return result; |