strbuf: fix incorrect alloc size in strbuf_reencode()

vaidas-shopify · vaidas-shopify · commit 145fd041c8a5 · 2026-02-13T11:34:04.000+02:00
The strbuf_reencode() function incorrectly passes the string length
as the allocation size to strbuf_attach(), when it should pass
length + 1 to account for the null terminator.

The reencode_string_len() function allocates len + 1 bytes (including
the null terminator) and returns the string length (excluding the null
terminator) via the len parameter. However, strbuf_reencode() then
calls strbuf_attach() with this length value as both the len and alloc
parameters:

    strbuf_attach(sb, out, len, len);

This is incorrect because strbuf_attach()'s alloc parameter should
reflect the actual allocated buffer size, which includes space for the
null terminator. This could lead to incorrect memory management in code
that relies on sb-&gt;alloc being accurate.

Fix by passing len + 1 as the alloc parameter:

    strbuf_attach(sb, out, len, len + 1);

Signed-off-by: Vaidas Pilkauskas &lt;vaidas.pilkauskas@shopify.com&gt;
diff --git a/strbuf.c b/strbuf.c
@@ -168,7 +168,7 @@ int strbuf_reencode(struct strbuf *sb, const char *from, const char *to)
 	if (!out)
 		return -1;
 
-	strbuf_attach(sb, out, len, len);
+	strbuf_attach(sb, out, len, len + 1);
 	return 0;
 }
 

Original file line number	Diff line number	Diff line change
`@@ -168,7 +168,7 @@ int strbuf_reencode(struct strbuf sb, const char from, const char *to)`
`168`	`168`	`if (!out)`
`169`	`169`	`return -1;`
`170`	`170`
`171`		`- strbuf_attach(sb, out, len, len);`
	`171`	`+ strbuf_attach(sb, out, len, len + 1);`
`172`	`172`	`return 0;`
`173`	`173`	`}`
`174`	`174`