subprojects/c-shquote/src/c-shquote.c | 4 2 + 2 - 0 !
subprojects/c-shquote/src/test-private.c | 6 6 + 0 - 0 !
2 files changed, 8 insertions(+), 2 deletions(-)

 strnspn: fix buffer overflow
 Fix the strnspn and strncspn functions to use a properly sized buffer.
 It used to be 1 byte too short. Checking for `0xff` in a string will
 thus write `0xff` once byte beyond the stack space of the local buffer.
 .
 Note that the public API does not allow to pass `0xff` to those
 functions. Therefore, this is a read-only buffer overrun, possibly
 causing bogus reports from the parser, but still well-defined.

src/bus/peer.c | 2 1 + 1 - 0 !
src/util/user.c | 3 2 + 1 - 0 !
2 files changed, 3 insertions(+), 2 deletions(-)

 util/user: keep reference to user in each usage table
 Keep a reference to an owning user in each usage table. We want to allow
 callers to hold charges without holding on to any user references.
 .
 Also fix the peer-deinitialization to be ordered correctly and free the
 user references last (in particular, after the charges). This is not
 strictly necessary, but now follows our coding style and would have
 avoided possible failures.
 .
 This fixes an assertion failure when disconnecting entire groups of
 peers of the same user, due to the recent fix that actually made
 peer-accounting do something.

src/launch/service.c | 6 5 + 1 - 0 !
1 file changed, 5 insertions(+), 1 deletion(-)

 launch/service: fix release of argv array
 While service_free() correctly releases the strv in `argv`, the
 service_update() path does not. It frees `argv`, but not the individual
 entries. Fix this and properly release all entries.

subprojects/c-stdaux/src/c-stdaux.h | 18 18 + 0 - 0 !
subprojects/c-stdaux/src/test-api.c | 1 1 + 0 - 0 !
subprojects/c-stdaux/src/test-basic.c | 28 28 + 0 - 0 !
3 files changed, 47 insertions(+)

 add c_memset()
 The memset(3) function causes UB if its area pointer is NULL, even if
 the area is 0-bytes in length. This is very unfortunate and requires
 unnecessary guards in most callers. We really want to be able to call
 memset(3) with NULL pointers on empty areas to avoid needless branching
 and complexity.
 .
 Provide c_memset() which is exactly like memset(3) for non-NULL areas,
 but a no-op for empty areas.

subprojects/c-stdaux/src/c-stdaux.h | 18 18 + 0 - 0 !
subprojects/c-stdaux/src/test-api.c | 1 1 + 0 - 0 !
subprojects/c-stdaux/src/test-basic.c | 13 13 + 0 - 0 !
3 files changed, 32 insertions(+)

 add c_memcpy()
 Alongside c_memset(), this adds c_memcpy() with the same trick of
 allowing empty copies.

src/broker/controller.c | 4 2 + 2 - 0 !
src/bus/bus.c | 4 2 + 2 - 0 !
src/bus/name.c | 2 1 + 1 - 0 !
src/dbus/message.c | 10 5 + 5 - 0 !
src/dbus/queue.c | 10 5 + 5 - 0 !
src/dbus/socket.c | 6 3 + 3 - 0 !
src/dbus/test-queue.c | 10 5 + 5 - 0 !
src/dbus/test-stitching.c | 10 5 + 5 - 0 !
src/launch/config.c | 12 6 + 6 - 0 !
src/launch/nss-cache.c | 4 2 + 2 - 0 !
src/util/fdlist.c | 2 1 + 1 - 0 !
src/util/log.c | 4 2 + 2 - 0 !
src/util/selinux.c | 4 2 + 2 - 0 !
src/util/user.c | 2 1 + 1 - 0 !
test/dbus/test-fdstream.c | 2 1 + 1 - 0 !
test/dbus/util-message.c | 2 1 + 1 - 0 !
16 files changed, 44 insertions(+), 44 deletions(-)

 global: use c_mem*() over mem*()
 Use the new c_mem*() functions rather than mem*() so we protect against
 NULL pointers in empty areas, which are UB with the classic mem*()
 functions.