Fix strncat/wcsncat

Previously, no checks were done when __n <= __b, but strncat _appends_ after
existing content, making this a overly broad check check. For example, with an
8-byte buffer containing "12345\0", strncat(buf, "ABCD", 4) would have the
check skipped, but the result "12345ABCD\0" is 10 bytes, resulting in an
overflow.

This commit fixes this oversight, and adds a bunch of tests.

1 files changed, 18 insertions, 0 deletions

diff --git a/tests/test_strncat_n_one.c b/tests/test_strncat_n_one.c
new file mode 100644
index 0000000..fce46bd
--- /dev/null
+++ b/tests/test_strncat_n_one.c
@@ -0,0 +1,18 @@
+#include "common.h"
+
+#include <string.h>
+
+int main(int argc, char** argv) {
+  char buffer[8] = {0};
+  strncat(buffer, "1234567", 7);
+  puts(buffer);
+
+  /* n=1, buffer has 7 chars ("1234567").
+   * 7+1+1 = 9 > 8 → overflow. Even n=1 can overflow a nearly-full buffer. */
+  CHK_FAIL_START
+  strncat(buffer, "X", 1);
+  CHK_FAIL_END
+
+  puts(buffer);
+  return ret;
+}