From b74a05d722cb44c9caaed30c366ae3ea99ef8264 Mon Sep 17 00:00:00 2001
From: Vsevolod Stakhov <vsevolod@rspamd.com>
Date: Sun, 28 Sep 2025 20:27:50 +0100
Subject: [PATCH] [Fix] Avoid invocation of strlcpy on string_view

---
 .../composites/composites_manager.cxx         | 22 +++++++++++--------
 src/libserver/css/css_tokeniser.cxx           | 10 +++++----
 src/libserver/html/html_tag.hxx               |  5 +++--
 src/libserver/symcache/symcache_item.cxx      |  4 +++-
 4 files changed, 25 insertions(+), 16 deletions(-)

diff --git a/src/libserver/composites/composites_manager.cxx b/src/libserver/composites/composites_manager.cxx
index 1ee5c4092f..c82448631f 100644
--- a/src/libserver/composites/composites_manager.cxx
+++ b/src/libserver/composites/composites_manager.cxx
@@ -1,11 +1,11 @@
-/*-
- * Copyright 2021 Vsevolod Stakhov
+/*
+ * Copyright 2025 Vsevolod Stakhov
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *    http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
@@ -29,7 +29,8 @@
 namespace rspamd::composites {
 
 static auto
-composite_policy_from_str(const std::string_view &inp) -> enum rspamd_composite_policy {
+composite_policy_from_str(const std::string_view &inp) -> enum rspamd_composite_policy
+{
 	const static ankerl::unordered_dense::map<std::string_view,
 											  enum rspamd_composite_policy>
 		names{
@@ -43,10 +44,11 @@ composite_policy_from_str(const std::string_view &inp) -> enum rspamd_composite_
 		};
 
 	auto found = names.find(inp);
-	if (found != names.end()){
-		return found->second;}
+	if (found != names.end()) {
+		return found->second;
+	}
 
-return rspamd_composite_policy::RSPAMD_COMPOSITE_POLICY_UNKNOWN;
+	return rspamd_composite_policy::RSPAMD_COMPOSITE_POLICY_UNKNOWN;
 }// namespace rspamd::composites
 
 auto composites_manager::add_composite(std::string_view composite_name, const ucl_object_t *obj, bool silent_duplicate) -> rspamd_composite *
@@ -237,7 +239,9 @@ struct map_cbdata {
 					/* I wish it was supported properly */
 					//auto conv_res = std::from_chars(value->data(), value->size(), num);
 					char numbuf[128], *endptr = nullptr;
-					rspamd_strlcpy(numbuf, score.data(), MIN(score.size(), sizeof(numbuf)));
+					size_t n = std::min(score.size(), sizeof(numbuf) - 1);
+					memcpy(numbuf, score.data(), n);
+					numbuf[n] = '\0';
 					auto num = g_ascii_strtod(numbuf, &endptr);
 
 					if (fabs(num) >= G_MAXFLOAT || std::isnan(num)) {
@@ -270,7 +274,7 @@ struct map_cbdata {
 		delete cbd;
 	}
 };
-}
+}// namespace rspamd::composites
 
 
 void *
diff --git a/src/libserver/css/css_tokeniser.cxx b/src/libserver/css/css_tokeniser.cxx
index 6d3f41e8d1..bd5ce0c6c2 100644
--- a/src/libserver/css/css_tokeniser.cxx
+++ b/src/libserver/css/css_tokeniser.cxx
@@ -1,11 +1,11 @@
-/*-
- * Copyright 2021 Vsevolod Stakhov
+/*
+ * Copyright 2025 Vsevolod Stakhov
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
- *   http://www.apache.org/licenses/LICENSE-2.0
+ *    http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
@@ -360,7 +360,9 @@ css_tokeniser::consume_number() -> struct css_parser_token {
 		/* I wish it was supported properly */
 		//auto conv_res = std::from_chars(&input[offset], &input[i], num);
 		char numbuf[128], *endptr = nullptr;
-		rspamd_strlcpy(numbuf, &input[offset], MIN(i - offset + 1, sizeof(numbuf)));
+		size_t n = std::min(i - offset, sizeof(numbuf) - 1);
+		memcpy(numbuf, &input[offset], n);
+		numbuf[n] = '\0';
 		auto num = g_ascii_strtod(numbuf, &endptr);
 		offset = i;
 
diff --git a/src/libserver/html/html_tag.hxx b/src/libserver/html/html_tag.hxx
index b201121d72..0957cfc021 100644
--- a/src/libserver/html/html_tag.hxx
+++ b/src/libserver/html/html_tag.hxx
@@ -677,8 +677,9 @@ struct html_component_opacity : html_component_base {
 		: raw_value(v)
 	{
 		char numbuf[128], *endptr = nullptr;
-		numbuf[0] = '\0';
-		rspamd_strlcpy(numbuf, v.data(), MIN(v.size(), sizeof(numbuf)));
+		size_t n = std::min(v.size(), sizeof(numbuf) - 1);
+		memcpy(numbuf, v.data(), n);
+		numbuf[n] = '\0';
 		auto num = g_ascii_strtod(numbuf, &endptr);
 
 		if (!std::isnan(num)) {
diff --git a/src/libserver/symcache/symcache_item.cxx b/src/libserver/symcache/symcache_item.cxx
index f58332ea5f..15d2bde531 100644
--- a/src/libserver/symcache/symcache_item.cxx
+++ b/src/libserver/symcache/symcache_item.cxx
@@ -469,7 +469,9 @@ auto cache_item::add_augmentation(const symcache &cache, std::string_view augmen
 				/* I wish it was supported properly */
 				//auto conv_res = std::from_chars(value->data(), value->size(), num);
 				char numbuf[128], *endptr = nullptr;
-				rspamd_strlcpy(numbuf, value->data(), MIN(value->size(), sizeof(numbuf)));
+				size_t n = std::min(value->size(), sizeof(numbuf) - 1);
+				memcpy(numbuf, value->data(), n);
+				numbuf[n] = '\0';
 				auto num = g_ascii_strtod(numbuf, &endptr);
 
 				if (fabs(num) >= G_MAXFLOAT || std::isnan(num)) {
-- 
2.47.3