strxcpyx: add a paranoia check for vsnprintf()'s return value

vsnprintf() can, under some circumstances, return negative value, namely
during encoding errors when converting wchars to multi-byte characters.
This would then wreak havoc in the arithmetics we do following the
vsnprintf() call. However, since we never do any wchar shenanigans in
our code it should never happen.

Let's encode this assumption into the code as an assert(), similarly how
we already do this in other places (like strextendf_with_separator()).

diff --git a/src/basic/strxcpyx.c b/src/basic/strxcpyx.c
index dc40d620e7e6bd9aa10954cba4f35e24ce5f8228..f8410f7d0c11d345f71b29e3a4ace7af9f1285c9 100644 (file)
--- a/src/basic/strxcpyx.c
+++ b/src/basic/strxcpyx.c
@@ -64,6 +64,8 @@ size_t strpcpyf_full(char **dest, size_t size, bool *ret_truncated, const char *
         i = vsnprintf(*dest, size, src, va);
         va_end(va);
 
+        assert(i >= 0);
+
         if (i < (int) size) {
                 *dest += i;
                 size -= i;