URL unescape: return the new length to the caller.

The avoids situations were we threw away the length, only for
the caller to have to strlen the returned string.

Note, there seems to be a case of the amiga front end writing
beyond end of allocation.  Added a TODO for now.

2 files changed, 5 insertions, 2 deletions

diff --git a/frontends/riscos/download.c b/frontends/riscos/download.c
index 1a0249e20..561409ed1 100644
--- a/frontends/riscos/download.c
+++ b/frontends/riscos/download.c
@@ -241,6 +241,7 @@ static nserror download_ro_filetype(download_context *ctx, bits *ftype_out)
 				char *raw_path;
 				if (url_unescape(lwc_string_data(path),
 						 lwc_string_length(path),
+						 NULL,
 						 &raw_path) == NSERROR_OK) {
 					ftype =	ro_filetype_from_unix_path(raw_path);
 					free(raw_path);
diff --git a/frontends/riscos/gui.c b/frontends/riscos/gui.c
index f55392f99..72eeb6282 100644
--- a/frontends/riscos/gui.c
+++ b/frontends/riscos/gui.c
@@ -1485,6 +1485,7 @@ static nserror ro_path_to_nsurl(const char *path, struct nsurl **url_out)
 static nserror ro_nsurl_to_path(struct nsurl *url, char **path_out)
 {
 	lwc_string *urlpath;
+	size_t unpath_len;
 	char *unpath;
 	char *path;
 	bool match;
@@ -1515,6 +1516,7 @@ static nserror ro_nsurl_to_path(struct nsurl *url, char **path_out)
 
 	res = url_unescape(lwc_string_data(urlpath),
 			   lwc_string_length(urlpath),
+			   &unpath_len,
 			   &unpath);
 	lwc_string_unref(urlpath);
 	if (res != NSERROR_OK) {
@@ -1522,14 +1524,14 @@ static nserror ro_nsurl_to_path(struct nsurl *url, char **path_out)
 	}
 
 	/* RISC OS path should not be more than 100 characters longer */
-	path = malloc(strlen(unpath) + 100);
+	path = malloc(unpath_len + 100);
 	if (path == NULL) {
 		free(unpath);
 		return NSERROR_NOMEM;
 	}
 
 	r = __riscosify(unpath, 0, __RISCOSIFY_NO_SUFFIX,
-			path, strlen(unpath) + 100, 0);
+			path, unpath_len + 100, 0);
 	free(unpath);
 	if (r == NULL) {
 		free(path);