// SPDX-License-Identifier: LGPL-2.1-or-later
/* Append a null-terminated string to another string, with length checking.
 * Copyright (C) 2016 Free Software Foundation, Inc.
 * This file is part of the GNU C Library.
 */

/* adapted for Quagga from glibc patch submission originally from
 * Florian Weimer <fweimer@redhat.com>, 2016-05-18 */

#ifdef HAVE_CONFIG_H
#include "config.h"
#endif

#include <stdint.h>
#include <string.h>

#ifndef HAVE_STRLCAT
#undef strlcat

size_t strlcat(char *__restrict dest,
	       const char *__restrict src, size_t destsize);

size_t strlcat(char *__restrict dest,
	       const char *__restrict src, size_t destsize)
{
	size_t src_length = strlen(src);

	/* Our implementation strlcat supports dest == NULL if size == 0
	   (for consistency with snprintf and strlcpy), but strnlen does
	   not, so we have to cover this case explicitly.  */
	if (destsize == 0)
		return src_length;

	size_t dest_length = strnlen(dest, destsize);
	if (dest_length != destsize) {
		/* Copy at most the remaining number of characters in the
		   destination buffer.  Leave for the NUL terminator.  */
		size_t to_copy = destsize - dest_length - 1;
		/* But not more than what is available in the source string.  */
		if (to_copy > src_length)
			to_copy = src_length;

		char *target = dest + dest_length;
		memcpy(target, src, to_copy);
		target[to_copy] = '\0';
	}

/* If the sum wraps around, we have more than SIZE_MAX + 2 bytes in
   the two input strings (including both null terminators).  If each
   byte in the address space can be assigned a unique size_t value
   (which the static_assert checks), then by the pigeonhole
   principle, the two input strings must overlap, which is
   undefined.  */
	_Static_assert(sizeof(uintptr_t) == sizeof(size_t),
		       "theoretical maximum object size covers address space");
	return dest_length + src_length;
}
#endif /* HAVE_STRLCAT */