From d98150680d446e641b5c9ba285b51e5ece45703b Mon Sep 17 00:00:00 2001 From: Pablo Barciela Date: Sun, 10 Mar 2019 16:07:23 +0100 Subject: eel-string: Fix: 'memcpy' overflows destination buffer Fixes Clang static analyzer warning: eel-string.c:319:13: warning: Memory copy function overflows destination buffer memcpy (result_position, p, remaining_length); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ --- eel/eel-string.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/eel/eel-string.c b/eel/eel-string.c index c71aadb7..4521d157 100644 --- a/eel/eel-string.c +++ b/eel/eel-string.c @@ -308,7 +308,8 @@ eel_str_replace_substring (const char *string, { break; } - result_length += replacement_length - substring_length; + if (replacement_length > substring_length) + result_length += replacement_length - substring_length; } result = g_malloc (result_length + 1); @@ -329,7 +330,7 @@ eel_str_replace_substring (const char *string, memcpy (result_position, replacement, replacement_length); result_position += replacement_length; } - g_assert (result_position - result == result_length); + result_position[0] = '\0'; return result; -- cgit v1.2.1