Merge pull request #1000 from bluhm/strndup-nul

tests: `portable_strndup` must not read source string beyond NUL byte
2025-04-06 13:45:00 +00:00 · 2025-03-30 18:51:01 +02:00 · 2025-03-30 18:51:01 +02:00 · 0a27875087
commit 0a27875087
parent 03ff328b5c 3c188810b6
2 changed files with 15 additions and 1 deletions
--- a/expat/Changes
+++ b/expat/Changes
@ -40,6 +40,11 @@
 Release 2.7.2 ??? ????? ?? ????
        Other changes:
            #994  docs: Drop AppVeyor badge
+           #1000  tests: Fix portable_strndup
+
+        Special thanks to:
+            Alexander Bluhm
+            Theo Buehler

 Release 2.7.1 Thu March 27 2025
        Bug fixes:
--- a/expat/tests/common.c
+++ b/expat/tests/common.c
@ -303,7 +303,14 @@ duff_reallocator(void *ptr, size_t size) {
  return realloc(ptr, size);
 }

-// Portable remake of strndup(3) for C99; does not care about space efficiency
+// Portable remake of strnlen(3) for C99
+static size_t
+portable_strnlen(const char *s, size_t maxlen) {
+  const char *const end = (const char *)memchr(s, '\0', maxlen);
+  return (end == NULL) ? maxlen : (size_t)(end - s);
+}
+
+// Portable remake of strndup(3) for C99
 char *
 portable_strndup(const char *s, size_t n) {
  if ((s == NULL) || (n == SIZE_MAX)) {
@ -311,6 +318,8 @@ portable_strndup(const char *s, size_t n) {
    return NULL;
  }

+  n = portable_strnlen(s, n);
+
  char *const buffer = (char *)malloc(n + 1);
  if (buffer == NULL) {
    errno = ENOMEM;