From 0641c5e4e9727ddde0d2be1aebe3fd7009d010f5 Mon Sep 17 00:00:00 2001
From: Nick Wellnhofer <wellnhofer@aevum.de>
Date: Sun, 7 Jun 2015 17:44:11 +0200
Subject: Helper to safely call strlen

---
 src/buffer.c | 5 +++--
 src/buffer.h | 6 ++++++
 src/chunk.h  | 5 +++--
 3 files changed, 12 insertions(+), 4 deletions(-)

(limited to 'src')

diff --git a/src/buffer.c b/src/buffer.c
index efee41d..7d16af8 100644
--- a/src/buffer.c
+++ b/src/buffer.c
@@ -136,7 +136,7 @@ void cmark_strbuf_set(cmark_strbuf *buf, const unsigned char *data, bufsize_t le
 void cmark_strbuf_sets(cmark_strbuf *buf, const char *string)
 {
 	cmark_strbuf_set(buf, (const unsigned char *)string,
-	                 string ? strlen(string) : 0);
+	                 string ? cmark_strbuf_safe_strlen(string) : 0);
 }
 
 void cmark_strbuf_putc(cmark_strbuf *buf, int c)
@@ -159,7 +159,8 @@ void cmark_strbuf_put(cmark_strbuf *buf, const unsigned char *data, bufsize_t le
 
 void cmark_strbuf_puts(cmark_strbuf *buf, const char *string)
 {
-	cmark_strbuf_put(buf, (const unsigned char *)string, strlen(string));
+	cmark_strbuf_put(buf, (const unsigned char *)string,
+			 cmark_strbuf_safe_strlen(string));
 }
 
 void cmark_strbuf_vprintf(cmark_strbuf *buf, const char *format, va_list ap)
diff --git a/src/buffer.h b/src/buffer.h
index f9696e0..babd051 100644
--- a/src/buffer.h
+++ b/src/buffer.h
@@ -3,6 +3,7 @@
 
 #include <stddef.h>
 #include <stdarg.h>
+#include <string.h>
 #include <limits.h>
 #include "config.h"
 
@@ -82,6 +83,11 @@ cmark_strbuf_check_bufsize(size_t size) {
 	return (bufsize_t)size;
 }
 
+static inline bufsize_t
+cmark_strbuf_safe_strlen(const char *str) {
+	return cmark_strbuf_check_bufsize(strlen(str));
+}
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/src/chunk.h b/src/chunk.h
index 364918d..f23a02d 100644
--- a/src/chunk.h
+++ b/src/chunk.h
@@ -87,7 +87,7 @@ static inline void cmark_chunk_set_cstr(cmark_chunk *c, const char *str)
 		c->data  = NULL;
 		c->alloc = 0;
 	} else {
-		c->len   = strlen(str);
+		c->len   = cmark_strbuf_safe_strlen(str);
 		c->data  = (unsigned char *)malloc(c->len + 1);
 		c->alloc = 1;
 		memcpy(c->data, str, c->len + 1);
@@ -96,7 +96,8 @@ static inline void cmark_chunk_set_cstr(cmark_chunk *c, const char *str)
 
 static inline cmark_chunk cmark_chunk_literal(const char *data)
 {
-	cmark_chunk c = {(unsigned char *)data, data ? strlen(data) : 0, 0};
+	bufsize_t len = data ? cmark_strbuf_safe_strlen(data) : 0;
+	cmark_chunk c = {(unsigned char *)data, len, 0};
 	return c;
 }
 
-- 
cgit v1.2.3