From e264cc18783d63c069915fa6800a994d345d1a8e Mon Sep 17 00:00:00 2001
From: Faisal Ahmed Moshiur <19180457+fam007e@users.noreply.github.com>
Date: Wed, 8 Apr 2026 18:58:27 +0600
Subject: [PATCH] Fix potential use-after-free and overlapping memory copy in ffStrbufSetNS
---
 src/common/impl/FFstrbuf.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/common/impl/FFstrbuf.c b/src/common/impl/FFstrbuf.c
index ac09338434..3bf7edcbbc 100644
--- a/src/common/impl/FFstrbuf.c
+++ b/src/common/impl/FFstrbuf.c
@@ -248,14 +248,17 @@ void ffStrbufSetNS(FFstrbuf* strbuf, uint32_t length, const char* value) {
 assert(value != NULL);
 if (strbuf->allocated < length + 1) {
+ char* newBuf = malloc(sizeof(char) * (length + 1));
+ memcpy(newBuf, value, length);
 if (strbuf->allocated > 0) {
 free(strbuf->chars);
 }
+ strbuf->chars = newBuf;
 strbuf->allocated = length + 1;
- strbuf->chars = malloc(sizeof(char) * strbuf->allocated);
+ } else {
+ memmove(strbuf->chars, value, length);
 }
- memcpy(strbuf->chars, value, length);
 strbuf->length = length;
 strbuf->chars[length] = '\0';
 }
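Review bot: `memcpy(newBuf, value, length)` on the second added line writes through the malloc result before anything checks it for NULL, so an allocation failure now turns into a write at address `length` below zero instead of a clean failure. The original had the same gap, but since the commit reorders the allocation anyway it is the right moment to close it, e.g. `if (newBuf == NULL) { abort(); }` between the malloc and the memcpy, or whatever the file's other allocation sites do on failure. A secondary, pre-existing issue that the new else branch inherits: `length + 1` is computed in uint32_t, so `length == UINT32_MAX` wraps to 0, the condition is false, and `memmove` then copies `length` bytes into a buffer of only `allocated` bytes; a guard such as `assert(length < UINT32_MAX);` beside the existing `assert(value != NULL)` would cover it, presumably with the same NDEBUG caveat as that assert. The function's signature line precedes the hunk.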