From eee5203ba9eba7b166d0d8642a3b150219eabf2b Mon Sep 17 00:00:00 2001
From: Avril
Date: Tue, 13 Jul 2021 21:08:57 +0100
Subject: [PATCH] Start: double-bounded string mutation functions.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

These bound `dest` and `src`, so will assure no OOB writes *and* no OOB reads. Functions prototyped only, (not yet implemented.) Fortune for naka's current commit: Middle blessing − 中吉
---
 src/display.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/display.c b/src/display.c
index 174126f..1ac0ca0 100644
--- a/src/display.c
+++ b/src/display.c
@@ -21,6 +21,18 @@ static usize strncpy_n(char*pOUT dest, const char* restrict src, usize n)
 return i;
 }
 
+// Will not write past `dn` bytes of `dest`, will not read past `sn` bytes of `src`. Otherwise, same as `strncpy_n()`.
+static usize s_strncpy_n(usize sn, usize dn; char dest[static pOUT dn], usize dn, const char src[static restrict sn], usize sn)
+{
+ TODO("double-bounded strncpy");
+}
+
+// Will not write past `dn` bytes of `dest`, will not read past `sn` bytes of `src`. Otherwise, same as `strncat_n()`.
+static usize s_strncat_n(usize sn, usize dn; char dest[static pOUT dn], usize dn, const char src[static restrict sn], usize sn)
+{
+ TODO("double-bounded strncat");
+}
+
 // Returns number of bytes written to (dest+strlen(dest)). Otherwise same as `strncat()`.
 static inline usize strncat_n(char*pOUT dest, const char* restrict src, usize n)
 {
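Review bot: The contract comments on `s_strncpy_n` and `s_strncat_n` leave open the two things a caller needs to know to use them safely: whether `dest` is always NUL-terminated when the copy is truncated, and, for `s_strncat_n`, whether `dn` is the total capacity of `dest` or only the space left after the existing string. I would pin both down before implementing, for example `// dn is the full size of dest including the terminator; dest is always NUL-terminated when dn > 0; returns bytes written, excluding the terminator.` For the concatenation, the scan for the end of the existing string must itself be bounded by `dn`, because `dest[static dn]` is only a promise from the caller to the compiler and enforces nothing at run time. Both bodies consist solely of `TODO(...)` in functions returning `usize`; unless that macro (defined outside this hunk) never returns, control falls off the end of a non-void function.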