eel-string: Fix: 'memcpy' overflows destination buffer

Fixes Clang static analyzer warning: eel-string.c:319:13: warning: Memory copy function overflows destination buffer memcpy (result_position, p, remaining_length); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
author: Pablo Barciela <[email protected]> 2019-03-10 16:07:23 +0100
committer: ZenWalker <[email protected]> 2019-04-03 11:24:23 +0200
commit: d98150680d446e641b5c9ba285b51e5ece45703b (patch)
tree: f251ef7e4db1ed19e6dd216e094330b269f84c8b
parent: 312394dfa42c07a3afa5089c6e3e5b9a1c1001ae (diff)
download: caja-d98150680d446e641b5c9ba285b51e5ece45703b.tar.bz2
caja-d98150680d446e641b5c9ba285b51e5ece45703b.tar.xz
1 files changed, 3 insertions, 2 deletions
diff --git a/eel/eel-string.c b/eel/eel-string.c
index c71aadb7..4521d157 100644
--- a/eel/eel-string.c
+++ b/eel/eel-string.c
@@ -308,7 +308,8 @@ eel_str_replace_substring (const char *string,
 {
 break;
 }
- result_length += replacement_length - substring_length;
+ if (replacement_length > substring_length)
+ result_length += replacement_length - substring_length;
 }
 
 result = g_malloc (result_length + 1);
@@ -329,7 +330,7 @@ eel_str_replace_substring (const char *string,
 memcpy (result_position, replacement, replacement_length);
 result_position += replacement_length;
 }
- g_assert (result_position - result == result_length);
+
 result_position[0] = '\0';
 
 return result;
author	Pablo Barciela <[email protected]>	2019-03-10 16:07:23 +0100
committer	ZenWalker <[email protected]>	2019-04-03 11:24:23 +0200
commit	d98150680d446e641b5c9ba285b51e5ece45703b (patch)
tree	f251ef7e4db1ed19e6dd216e094330b269f84c8b
parent	312394dfa42c07a3afa5089c6e3e5b9a1c1001ae (diff)
download	caja-d98150680d446e641b5c9ba285b51e5ece45703b.tar.bz2 caja-d98150680d446e641b5c9ba285b51e5ece45703b.tar.xz