From 34d232c39a1e05ba734dc6ad9dc01d15788cd91d Mon Sep 17 00:00:00 2001 From: Rodrigo Campos Date: Sun, 18 Feb 2024 16:51:04 -0300 Subject: [PATCH] tools/nolibc: Fix strlcat() return code and size usage MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit The return code should always be strlen(src) + strnlen(dst, size). Let's make sure to copy at most size-1 bytes from src and null-terminate the dst buffer if we did copied something. While we can use strnlen() and strncpy() to implement strlcat(), this is simple enough and results in shorter code when compiled. Signed-off-by: Rodrigo Campos Signed-off-by: Thomas Weißschuh --- tools/include/nolibc/string.h | 27 ++++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) diff --git a/tools/include/nolibc/string.h b/tools/include/nolibc/string.h index ed15c22b1b2ae..cc51fd6b63d02 100644 --- a/tools/include/nolibc/string.h +++ b/tools/include/nolibc/string.h @@ -187,22 +187,31 @@ char *strndup(const char *str, size_t maxlen) static __attribute__((unused)) size_t strlcat(char *dst, const char *src, size_t size) { - size_t len; - char c; + size_t len = 0; - for (len = 0; dst[len]; len++) - ; + for (; len < size; len++) { + if (dst[len] == '\0') + break; + } - for (;;) { - c = *src; - if (len < size) - dst[len] = c; - if (!c) + /* + * We want len < size-1. But as size is unsigned and can wrap + * around, we use len + 1 instead. + */ + while (len + 1 < size) { + dst[len] = *src; + if (*src == '\0') break; len++; src++; } + if (len < size) + dst[len] = '\0'; + + while (*src++) + len++; + return len; } -- 2.39.5