From d98150680d446e641b5c9ba285b51e5ece45703b Mon Sep 17 00:00:00 2001
From: Pablo Barciela <scow@riseup.net>
Date: Sun, 10 Mar 2019 16:07:23 +0100
Subject: eel-string: Fix: 'memcpy' overflows destination buffer

Fixes Clang static analyzer warning:

eel-string.c:319:13: warning: Memory copy function overflows destination buffer
            memcpy (result_position, p, remaining_length);
            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
---
 eel/eel-string.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

(limited to 'eel')

diff --git a/eel/eel-string.c b/eel/eel-string.c
index c71aadb7..4521d157 100644
--- a/eel/eel-string.c
+++ b/eel/eel-string.c
@@ -308,7 +308,8 @@ eel_str_replace_substring (const char *string,
         {
             break;
         }
-        result_length += replacement_length - substring_length;
+        if (replacement_length > substring_length)
+            result_length += replacement_length - substring_length;
     }
 
     result = g_malloc (result_length + 1);
@@ -329,7 +330,7 @@ eel_str_replace_substring (const char *string,
         memcpy (result_position, replacement, replacement_length);
         result_position += replacement_length;
     }
-    g_assert (result_position - result == result_length);
+
     result_position[0] = '\0';
 
     return result;
-- 
cgit v1.2.1