[epiphany/mcatanzaro/memory-corruption] Revert "Simplify ephy_string_shorten()"




commit 68581ff560a080efe20389be6f015251f0f9f928
Author: Michael Catanzaro <mcatanzaro redhat com>
Date:   Fri Apr 15 18:09:46 2022 -0500

    Revert "Simplify ephy_string_shorten()"
    
    This reverts commit 232c613472b38ff0d0d97338f366024ddb9cd228.
    
    I got my browser stuck in a crash loop today while visiting a website
    with a page title greater than ephy-embed.c's MAX_TITLE_LENGTH, the only
    condition in which ephy_string_shorten() is ever used. Turns out this
    commit is wrong: an ellipsis is a multibyte character (three bytes in
    UTF-8) and so we're writing past the end of the buffer when calling
    strcat() here. Ooops.
    
    Shame it took nearly four years to notice and correct this.

 lib/ephy-string.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
---
diff --git a/lib/ephy-string.c b/lib/ephy-string.c
index 35a148ab3..984644c99 100644
--- a/lib/ephy-string.c
+++ b/lib/ephy-string.c
@@ -28,6 +28,8 @@
 #include <string.h>
 #include <sys/types.h>
 
+#define ELLIPSIS "\xe2\x80\xa6"
+
 gboolean
 ephy_string_to_int (const char *string,
                     gulong     *integer)
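Review bot: The new ELLIPSIS macro is a raw byte sequence with no comment saying what it encodes, and that encoding is exactly the detail the reverted commit got wrong; a comment such as `/* U+2026 HORIZONTAL ELLIPSIS in UTF-8: three bytes, not one */` on the line above the #define would document it. Stating the byte count at the definition also makes the `strlen (ELLIPSIS) + 1` sizing in ephy_string_shorten easy to check against the buffer allocation.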
@@ -114,11 +116,10 @@ ephy_string_shorten (char  *str,
   /* create string */
   bytes = GPOINTER_TO_UINT (g_utf8_offset_to_pointer (str, target_length - 1) - str);
 
-  /* +1 for ellipsis, +1 for trailing NUL */
-  new_str = g_new (gchar, bytes + 1 + 1);
+  new_str = g_new (gchar, bytes + strlen (ELLIPSIS) + 1);
 
   strncpy (new_str, str, bytes);
-  strcat (new_str, "…");
+  strncpy (new_str + bytes, ELLIPSIS, strlen (ELLIPSIS) + 1);
 
   g_free (str);
 
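Review bot: The two strncpy() calls on the new side read as bounded string copies, but both lengths here are exact byte counts, so memcpy() states the intent better and removes the question of whether the first copy leaves new_str unterminated (it does, until the second call writes the NUL): `memcpy (new_str, str, bytes);` and `memcpy (new_str + bytes, ELLIPSIS, sizeof ELLIPSIS);`, where sizeof of the literal includes the terminator and matches the `+ 1` in the g_new size. If strncpy is kept, a one-line comment such as `/* no NUL yet: the ELLIPSIS copy below supplies it */` above the first call would spare the next reader the trace that this revert was about. ephy_string_shorten's body starts and ends outside the hunk.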

