diff options
author | Pablo Barciela <[email protected]> | 2019-03-10 16:07:23 +0100 |
---|---|---|
committer | raveit65 <[email protected]> | 2022-07-19 23:15:36 +0200 |
commit | 2e9c7635145a2045794220e4d5a5e279531d17d8 (patch) | |
tree | e7390a66ee852ddc5adc3f15bd20096e8038336e | |
parent | 0fba10298673a68ccad3f4fd85070d4253e0b4e0 (diff) | |
download | caja-2e9c7635145a2045794220e4d5a5e279531d17d8.tar.bz2 caja-2e9c7635145a2045794220e4d5a5e279531d17d8.tar.xz |
eel-string: Fix: 'memcpy' overflows destination buffer
Fixes Clang static analyzer warning:
eel-string.c:319:13: warning: Memory copy function overflows destination buffer
memcpy (result_position, p, remaining_length);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-rw-r--r-- | eel/eel-string.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/eel/eel-string.c b/eel/eel-string.c index 3ed54d89..a4202ad8 100644 --- a/eel/eel-string.c +++ b/eel/eel-string.c @@ -308,7 +308,8 @@ eel_str_replace_substring (const char *string, { break; } - result_length += replacement_length - substring_length; + if (replacement_length > substring_length) + result_length += replacement_length - substring_length; } result = g_malloc (result_length + 1); @@ -329,7 +330,7 @@ eel_str_replace_substring (const char *string, memcpy (result_position, replacement, replacement_length); result_position += replacement_length; } - g_assert (result_position - result == result_length); + result_position[0] = '\0'; return result; |