eel-string: Fix: 'memcpy' overflows destination buffer

Fixes Clang static analyzer warning: eel-string.c:319:13: warning: Memory copy function overflows destination buffer memcpy (result_position, p, remaining_length); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
author: Pablo Barciela <[email protected]> 2019-03-10 16:07:23 +0100
committer: raveit65 <[email protected]> 2022-07-19 23:15:36 +0200
commit: 2e9c7635145a2045794220e4d5a5e279531d17d8 (patch)
tree: e7390a66ee852ddc5adc3f15bd20096e8038336e /eel/eel-string.c
parent: 0fba10298673a68ccad3f4fd85070d4253e0b4e0 (diff)
download: caja-2e9c7635145a2045794220e4d5a5e279531d17d8.tar.bz2
caja-2e9c7635145a2045794220e4d5a5e279531d17d8.tar.xz
1 files changed, 3 insertions, 2 deletions
diff --git a/eel/eel-string.c b/eel/eel-string.c
index 3ed54d89..a4202ad8 100644
--- a/eel/eel-string.c
+++ b/eel/eel-string.c
@@ -308,7 +308,8 @@ eel_str_replace_substring (const char *string,
         {
             break;
         }
-        result_length += replacement_length - substring_length;
+        if (replacement_length > substring_length)
+            result_length += replacement_length - substring_length;
     }
 
     result = g_malloc (result_length + 1);
@@ -329,7 +330,7 @@ eel_str_replace_substring (const char *string,
         memcpy (result_position, replacement, replacement_length);
         result_position += replacement_length;
     }
-    g_assert (result_position - result == result_length);
+
     result_position[0] = '\0';
 
     return result;
author	Pablo Barciela <[email protected]>	2019-03-10 16:07:23 +0100
committer	raveit65 <[email protected]>	2022-07-19 23:15:36 +0200
commit	2e9c7635145a2045794220e4d5a5e279531d17d8 (patch)
tree	e7390a66ee852ddc5adc3f15bd20096e8038336e /eel/eel-string.c
parent	0fba10298673a68ccad3f4fd85070d4253e0b4e0 (diff)
download	caja-2e9c7635145a2045794220e4d5a5e279531d17d8.tar.bz2 caja-2e9c7635145a2045794220e4d5a5e279531d17d8.tar.xz