[epiphany/mcatanzaro/memory-corruption] (Mostly) revert "Simplify ephy_string_shorten()"
commit 959a66213dcccc32271492bb04444099e0c6a471
Author: Michael Catanzaro <mcatanzaro redhat com>
Date:   Fri Apr 15 18:09:46 2022 -0500

    (Mostly) revert "Simplify ephy_string_shorten()"
    
    This (mostly) reverts commit 232c613472b38ff0d0d97338f366024ddb9cd228.
    
    I got my browser stuck in a crash loop today while visiting a website
    with a page title greater than ephy-embed.c's MAX_TITLE_LENGTH, the only
    condition in which ephy_string_shorten() is ever used. Turns out this
    commit is wrong: an ellipsis is a multibyte character (three bytes in
    UTF-8) and so we're writing past the end of the buffer when calling
    strcat() here. Ooops.
    
    Shame it took nearly four years to notice and correct this.
    
    To improve readability, this doesn't restore the code completely to how
    it used to be. I've dropped the #define and the hex codes that are no
    longer useful, in favor of open-coding the …

 lib/ephy-string.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
---
diff --git a/lib/ephy-string.c b/lib/ephy-string.c
index 35a148ab3..8e524d52c 100644
--- a/lib/ephy-string.c
+++ b/lib/ephy-string.c
@@ -114,11 +114,10 @@ ephy_string_shorten (char  *str,
   /* create string */
   bytes = GPOINTER_TO_UINT (g_utf8_offset_to_pointer (str, target_length - 1) - str);
 
-  /* +1 for ellipsis, +1 for trailing NUL */
-  new_str = g_new (gchar, bytes + 1 + 1);
+  new_str = g_new (gchar, bytes + strlen ("…") + 1);
 
   strncpy (new_str, str, bytes);
-  strcat (new_str, "…");
+  strncpy (new_str + bytes, "…", strlen ("…") + 1);
 
   g_free (str);
 
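Review bot: the allocation and the write now agree, which is what the old code got wrong: `strncpy (new_str + bytes, "…", strlen ("…") + 1)` stores the three UTF-8 bytes of U+2026 plus the NUL (four bytes) at offset `bytes`, and `g_new (gchar, bytes + strlen ("…") + 1)` reserves exactly that much after the prefix, whereas the removed `bytes + 1 + 1` was two bytes short and let `strcat` write past the end of the heap block. One readability suggestion for the unchanged `strncpy (new_str, str, bytes)` context line: it copies exactly `bytes` bytes and adds no terminator, so the buffer is only NUL-terminated once the second copy lands; `memcpy (new_str, str, bytes)` states that intent directly, since `strncpy` is used here purely as a bounded copy and neither its padding nor its termination behaviour is wanted. Alternatively `g_strdup_printf ("%.*s…", (int) bytes, str)` would do the sizing and both copies in one call and remove the manual length arithmetic altogether.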

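Added example, not Epiphany's code and not part of this commit: a GLib-free stand-in for ephy_string_shorten() in C that sizes the output buffer from strlen() of the UTF-8 ellipsis, as the hunk above does, so the three-byte U+2026 sequence plus the terminator always fits. The names utf8_offset_to_bytes, utf8_strlen, shorten_alloc_size, shorten_utf8 and dup_string are assumptions made for this example, the sample inputs are constructed, and the code assumes valid UTF-8 input as the original does.

```c
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* U+2026 HORIZONTAL ELLIPSIS encoded in UTF-8: three bytes, not one.
 * Sizing the buffer from strlen() of this literal, rather than from the
 * single glyph it displays as, is the whole point of the fix above. */
static const char ellipsis[] = "\xe2\x80\xa6";

/* Byte length of the first n_chars code points of a valid UTF-8 string
 * (stand-in for g_utf8_offset_to_pointer (str, n) - str). Stops at NUL. */
size_t utf8_offset_to_bytes(const char *s, size_t n_chars)
{
  size_t i = 0;
  while (n_chars > 0 && s[i] != '\0') {
    /* Continuation bytes are 10xxxxxx; every other byte starts a code point. */
    i++;
    while (((unsigned char)s[i] & 0xC0) == 0x80)
      i++;
    n_chars--;
  }
  return i;
}

/* Number of code points in a valid UTF-8 string. */
size_t utf8_strlen(const char *s)
{
  size_t n = 0;
  for (size_t i = 0; s[i] != '\0'; i++)
    if (((unsigned char)s[i] & 0xC0) != 0x80)
      n++;
  return n;
}

/* Bytes needed for a `bytes`-byte prefix, the ellipsis and the trailing NUL.
 * The reverted code used bytes + 1 + 1 here, two bytes too few. */
size_t shorten_alloc_size(size_t bytes)
{
  return bytes + strlen(ellipsis) + 1;
}

/* Portable strdup replacement (hypothetical helper for this example). */
static char *dup_string(const char *s)
{
  size_t n = strlen(s) + 1;
  char *copy = malloc(n);
  if (copy != NULL)
    memcpy(copy, s, n);
  return copy;
}

/* Return a newly allocated copy of str holding at most target_length code
 * points; when str is longer, the last kept code point is replaced by the
 * ellipsis. A limit of 0 yields "". Caller frees the result. */
char *shorten_utf8(const char *str, size_t target_length)
{
  if (target_length == 0)
    return dup_string("");
  if (utf8_strlen(str) <= target_length)
    return dup_string(str);                    /* already short enough */

  size_t bytes = utf8_offset_to_bytes(str, target_length - 1);
  char *new_str = malloc(shorten_alloc_size(bytes));
  if (new_str == NULL)
    return NULL;

  memcpy(new_str, str, bytes);                 /* prefix, no terminator yet */
  memcpy(new_str + bytes, ellipsis, strlen(ellipsis) + 1);  /* "..." plus NUL */
  return new_str;
}

int main(void)
{
  /* Constructed sample titles: ASCII only, and one with two-byte characters. */
  const char *samples[] = { "short", "abcdefghij", "h\xc3\xa9llo w\xc3\xb6rld" };
  for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
    char *s = shorten_utf8(samples[i], 5);
    printf("%-16s -> %s\n", samples[i], s);
    free(s);
  }
  return 0;
}
```

The result string for a prefix of `bytes` bytes is always exactly `shorten_alloc_size(bytes) - 1` characters long, so the two sizes can be checked against each other in a unit test rather than trusted by inspection.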
