From 4dd76b7d1e17817f98cf4a3ad9baea8e1d990771 Mon Sep 17 00:00:00 2001
From: John Axel Eriksson
Date: Wed, 17 Oct 2018 15:55:06 +0200
Subject: [PATCH] Don't overflow the buffer when buffer would overflow.

The code was taking the pointer size rather than the length of the string when strcpy:ing into the buffer.
---
 common/pango.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/common/pango.c b/common/pango.c
index f0b8db666..fc96f88e2 100644
--- a/common/pango.c
+++ b/common/pango.c
@@ -92,7 +92,7 @@ void get_text_size(cairo_t *cairo, const char *font, int *width, int *height,
 va_list args;
 va_start(args, fmt);
 if (vsnprintf(buf, sizeof(buf), fmt, args) >= max_chars) {
- strcpy(&buf[sizeof(buf) - sizeof(overflow)], overflow);
+ strcpy(&buf[sizeof(buf) - strlen(overflow) - 1], overflow);
 }
 va_end(args);
 
@@ -112,7 +112,7 @@ void pango_printf(cairo_t *cairo, const char *font,
 va_list args;
 va_start(args, fmt);
 if (vsnprintf(buf, sizeof(buf), fmt, args) >= max_chars) {
- strcpy(&buf[sizeof(buf) - sizeof(overflow)], overflow);
+ strcpy(&buf[sizeof(buf) - strlen(overflow) - 1], overflow);
 }
 va_end(args);
 
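Review bot: The new offset `sizeof(buf) - strlen(overflow) - 1` is unsigned arithmetic with no check that the marker fits, and the copy is still an unbounded `strcpy`; this applies to the changed line in get_text_size and identically to the one in the pango_printf hunk. The declarations of `buf` and `overflow` are outside both hunks, so it is not visible here whether `sizeof(buf)` is really an array size. If the marker ever becomes longer than the buffer, or `buf` is turned into a pointer, the subtraction wraps and the write lands out of bounds again. Making the bound explicit avoids that: `size_t n = strlen(overflow) + 1;` followed by `if (n <= sizeof(buf)) memcpy(&buf[sizeof(buf) - n], overflow, n);`. Because both functions carry the same lines, a small `static` helper would keep the fix in one place.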
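Review bot: The truncation test in pango_printf (and the same context line in get_text_size) compares the return value of `vsnprintf` with `max_chars` although the size actually passed is `sizeof(buf)`, and a negative return is not handled. The definitions of `max_chars` and `buf` are outside the hunk; if the two sizes differ, output truncated at `sizeof(buf)` can go without the marker, and after a formatting error `buf` would be used with unspecified contents. I would store the result, `int len = vsnprintf(buf, sizeof(buf), fmt, args);`, then treat `len < 0` as an error (for example `buf[0] = '\0';`) and test truncation with `(size_t)len >= sizeof(buf)`.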