Fix potential NULL pointer dereference, and buffer overruns

enc_utf16.c: move the arg check on putf16 being NULL up before it's used
riscos.c: strncat() includes a terminator, so don't terminate, and pass one less on the limit
unix.c: same again for strncat(), and don't assume strncpy() includes a terminator
Found by cppcheck static analysis.

Version 0.63. Tagged as 'Unicode-0_63'

VersionNum

-/* (0.62)
+/* (0.63)
  *
  * This file is automatically maintained by srccommit, do not edit manually.
  * Last processed by srccommit version: 1.1.
  *
  */
-#define Module_MajorVersion_CMHG        0.62
+#define Module_MajorVersion_CMHG        0.63
 #define Module_MinorVersion_CMHG        
-#define Module_Date_CMHG                09 Jul 2016
+#define Module_Date_CMHG                24 Jul 2018
 
-#define Module_MajorVersion             "0.62"
-#define Module_Version                  62
+#define Module_MajorVersion             "0.63"
+#define Module_Version                  63
 #define Module_MinorVersion             ""
-#define Module_Date                     "09 Jul 2016"
+#define Module_Date                     "24 Jul 2018"
 
-#define Module_ApplicationDate          "09-Jul-16"
+#define Module_ApplicationDate          "24-Jul-18"
 
 #define Module_ComponentName            "Unicode"
 #define Module_ComponentPath            "castle/RiscOS/Sources/Lib/Unicode"
 
-#define Module_FullVersion              "0.62"
-#define Module_HelpVersion              "0.62 (09 Jul 2016)"
-#define Module_LibraryVersionInfo       "0:62"
+#define Module_FullVersion              "0.63"
+#define Module_HelpVersion              "0.63 (24 Jul 2018)"
+#define Module_LibraryVersionInfo       "0:63"

c/enc_utf16

@@ -163,7 +163,7 @@ static int utf16_write(EncodingPriv *e, UCS4 u, unsigned char **putf16, int *buf
     UCS2 c = 0, cc = 0;
     int bom = 0;
 
-    if (u == NULL_UCS4)
+    if ((u == NULL_UCS4) || (putf16 == NULL))
 	return 0;
 
     utf16 = *putf16;
@@ -185,7 +185,7 @@ static int utf16_write(EncodingPriv *e, UCS4 u, unsigned char **putf16, int *buf
 	c = 0xFFFD;
     }
 
-    if ((*bufsize -= (cc ? 4 : 2) + bom) < 0 || !putf16)
+    if ((*bufsize -= (cc ? 4 : 2) + bom) < 0)
 	return 0;
 
     ue->first = 0;

c/riscos

@@ -50,8 +50,7 @@ int encoding__load_map_file(const char *leaf, UCS2 **ptable, int *pn_entries, in
     int alloc;
 
     strcpy(fname, "Unicode:Encodings.");
-    strncat(fname, leaf, sizeof(fname));
-    fname[sizeof(fname)-1] = 0;
+    strncat(fname, leaf, sizeof(fname)-1);
 
     /* Check it's a file, and get it's length */
     _swix(OS_File, _INR(0,1)|_OUT(0)|_OUT(4), 23, fname, &ftype, &flen);

c/unix

@@ -54,12 +54,12 @@ int encoding__load_map_file(const char *leaf, UCS2 **ptable, int *pn_entries, in
     if (s == NULL)
 	s = "/usr/local/etc/unicode";
 
-    strncpy(fname, s, sizeof(fname));
+    *fname = '\0';
+    strncat(fname, s, sizeof(fname)-1);
     if ( fname[ strlen(fname)-1 ] != '/' )
 	strcat( fname, "/" );
-    strncat(fname, "Encodings/", sizeof(fname));
-    strncat(fname, leaf, sizeof(fname));
-    fname[sizeof(fname)-1] = 0;
+    strncat(fname, "Encodings/", sizeof(fname)-1);
+    strncat(fname, leaf, sizeof(fname)-1);
 
     /* We get to search the directory, because the leafname may be a prefix */
     slash = strrchr(fname, '/');
@@ -75,7 +75,7 @@ int encoding__load_map_file(const char *leaf, UCS2 **ptable, int *pn_entries, in
         if (strncmp(dp->d_name, slash, strlen(slash)) == 0) {
             *(slash - 1) = '/';
             *slash = '\0';
-            strncat(fname, dp->d_name, sizeof(fname));
+            strncat(fname, dp->d_name, sizeof(fname)-1);
             break;
         }
     }