The current overflow checking is broken in the corner case of the strings'
combined length being exactly SIZE_MAX: After the loop, l would be SIZE_MAX,
but we're not testing whether the l+1 expression overflows.
Fix it by simply pre-accounting for the final '\0': initialize l to 1 instead
of 0.
char *strjoin_real(const char *x, ...) {
va_list ap;
- size_t l = 0;
+ size_t l = 1;
char *r, *p;
va_start(ap, x);
}
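Review bot: the loop body that accumulates the per-argument lengths and performs the overflow check is not in this hunk, yet the correctness of `size_t l = 1;` depends on its exact form: the initializer only covers the terminator if the check is of the shape `if (n > SIZE_MAX - l) return NULL;` evaluated before each `l += n`, so that the sum can never exceed SIZE_MAX including the pre-accounted byte. Please confirm that is what the loop does, and add a one-line comment next to the initializer (e.g. `size_t l = 1; /* terminating NUL */`) so the next reader does not take the 1 for a typo.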
va_end(ap);
- p = r = new(char, l+1);
+ p = r = new(char, l);
if (!r)
return NULL;
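Review bot: `new(char, l)` is now the only allocation and no longer mentions the terminator at all, so this hunk is unreadable on its own: whoever lands here later has to find the initializer in the other hunk to see that `l` already counts the final '\0'. Suggest a comment at the call site (`p = r = new(char, l); /* l includes the terminating NUL */`) and, if the copy loop ends with `*p = 0;`, an `assert(p == r + l - 1)` in front of it so the accounting is checked where the byte is actually written.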
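To make the corner case concrete, here is a stand-alone C reconstruction of the join with the corrected accounting, plus two length-only helpers that contrast the old and new bookkeeping on inputs whose lengths sum to exactly SIZE_MAX. This is added example code, not the project's `strjoin_real`; `strjoin_example`, `total_len_new` and `old_alloc_size` are names chosen here, `malloc` stands in for the project's `new()` helper, and the loop body shown is an assumption about how the original accumulates lengths.

```c
#include <stdarg.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/*
 * New accounting: start the running total at 1 for the terminating '\0'.
 * The per-step check "n > SIZE_MAX - l" rejects any addition that would
 * wrap, so on success l (which already includes the terminator) is the
 * exact allocation size. Returns 1 on success, 0 on overflow.
 * The inputs are raw lengths so the SIZE_MAX boundary can be reached
 * without allocating real strings of that size.
 */
static int total_len_new(const size_t *lens, size_t n, size_t *out) {
    size_t l = 1;                     /* terminating NUL, pre-accounted */
    for (size_t i = 0; i < n; i++) {
        if (lens[i] > SIZE_MAX - l)   /* l + lens[i] would overflow */
            return 0;
        l += lens[i];
    }
    *out = l;
    return 1;
}

/*
 * Old accounting, kept only to show the hole: the total starts at 0, each
 * addition is checked, but the terminator is added after the loop as
 * "l + 1" with no check. If the lengths sum to exactly SIZE_MAX that
 * expression wraps to 0 and the caller would allocate zero bytes.
 * Returns 1 if the loop accepted the input (not whether alloc is sane).
 */
static int old_alloc_size(const size_t *lens, size_t n, size_t *alloc) {
    size_t l = 0;
    for (size_t i = 0; i < n; i++) {
        if (lens[i] > SIZE_MAX - l)
            return 0;
        l += lens[i];
    }
    *alloc = l + 1;                   /* unchecked: wraps when l == SIZE_MAX */
    return 1;
}

/*
 * Join a NULL-terminated list of strings using the fixed accounting.
 * First pass measures with overflow detection, second pass copies.
 * Returns a malloc'd string or NULL on overflow / allocation failure.
 */
static char *strjoin_example(const char *x, ...) {
    va_list ap;
    size_t l = 1;                     /* terminating NUL, pre-accounted */
    const char *s;
    char *r, *p;

    va_start(ap, x);
    for (s = x; s; s = va_arg(ap, const char *)) {
        size_t n = strlen(s);
        if (n > SIZE_MAX - l) {       /* would exceed SIZE_MAX incl. NUL */
            va_end(ap);
            return NULL;
        }
        l += n;
    }
    va_end(ap);

    p = r = malloc(l);                /* l already counts the NUL */
    if (!r)
        return NULL;

    va_start(ap, x);
    for (s = x; s; s = va_arg(ap, const char *)) {
        size_t n = strlen(s);
        memcpy(p, s, n);
        p += n;
    }
    va_end(ap);

    *p = '\0';                        /* lands on r[l - 1] by construction */
    return r;
}

/* Convenience wrapper that appends the NULL sentinel for the caller. */
#define strjoin(...) strjoin_example(__VA_ARGS__, (const char *)NULL)
```

The length-only helpers are the interesting part for review: feed them `{SIZE_MAX - 1, 1}` and the old bookkeeping accepts the input and reports an allocation size of 0, while the new bookkeeping rejects it at the second addition because the pre-accounted terminator has already consumed the last byte of range.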