From 3e19462712c053499b2c6b9dd6baec1351135086 Mon Sep 17 00:00:00 2001
From: Szymon Janc
Date: Mon, 10 Mar 2014 23:57:11 +0100
Subject: [PATCH] shared/hfp: Fix not NULL terminating parsed strings

If there were not enough space in output buffer hfp_gw_result_get_string() and hfp_gw_result_get_unquoted_string() wcould return true, but resulting string would not be NULL terminated.
---
 src/shared/hfp.c | 24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)

diff --git a/src/shared/hfp.c b/src/shared/hfp.c
index 1be53fbde..e48136017 100644
--- a/src/shared/hfp.c
+++ b/src/shared/hfp.c
@@ -308,13 +308,17 @@ bool hfp_gw_result_get_string(struct hfp_gw_result *result, char *buf,
 result->offset++;
 while (data[result->offset] != '\0' && data[result->offset] != '"') {
- if (i < len)
- buf[i++] = data[result->offset];
+ if (i == len)
+ return false;
+
+ buf[i++] = data[result->offset];
 result->offset++;
 }
- if (i < len)
- buf[i++] = '\0';
+ if (i == len)
+ return false;
+
+ buf[i] = '\0';
 if (data[result->offset] == '"')
 result->offset++;
@@ -342,13 +346,17 @@ bool hfp_gw_result_get_unquoted_string(struct hfp_gw_result *result, char *buf,
 while (data[result->offset] != '\0' && data[result->offset] != ',' && data[result->offset] != ')') {
- if (i < len)
- buf[i++] = data[result->offset];
+ if (i == len)
+ return false;
+
+ buf[i++] = data[result->offset];
 result->offset++;
 }
- if (i < len)
- buf[i++] = '\0';
+ if (i == len)
+ return false;
+
+ buf[i] = '\0';
 next_field(result);
-- 
2.47.3
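Review bot: Both new `return false;` paths in hfp_gw_result_get_string() leave `result->offset` advanced past the opening quote and the characters already copied, so a caller that handles the failure and keeps parsing the same result resumes in the middle of the string; the two added returns in hfp_gw_result_get_unquoted_string() behave the same way. Consider recording the offset on entry and restoring it before each failure return, e.g. `result->offset = start;`, or advancing a local copy and storing it back only on success. On those paths `buf` also holds `len` copied bytes with no terminator, so writing `buf[0] = '\0';` there when `len` is non-zero would protect callers that ignore the return value from reading an unterminated buffer. Both function bodies start and end outside their hunks, so how existing callers react to false is not visible here.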