I believe there is an off-by-one error in the code which \0-terminates the char-buffer in btrimws() and brtrimws(). It is tested whether mlen is greater than i, but that only permits writing to indices up to and including i, not i+1 as is done.
Running the below under valgrind confirms this.
#include <stdio.h>
#include <stdlib.h>
#include "bstrlib.h"
int main(int argc, char *argv[]) {
    struct tagbstring foo;
    /* Exactly full buffer: 3 bytes allocated, 3 in use, no spare byte. */
    foo.data = malloc(3);
    foo.data[0] = foo.data[1] = foo.data[2] = 'x';
    foo.mlen = 3;
    foo.slen = 3;
    printf("%d\n", btrimws(&foo) == BSTR_OK);
    return 0;
}
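The condition described in the report, modelled as an added example (not bstrlib's source and not the reporter's code): mini_str, rtrim and overruns are hypothetical names, and the stricter guard mlen > i + 1 is an assumed correction. A canary byte placed just past mlen makes the one-byte overrun observable without touching memory the program does not own.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CANARY 0xA5

/* Hypothetical length-tracked string: mlen bytes allocated, slen in use. */
struct mini_str { int mlen; int slen; unsigned char *data; };

/* Right-trim whitespace. strict == 0 uses the guard from the report
   (mlen > i, then write data[i + 1]); strict == 1 requires mlen > i + 1. */
static void rtrim(struct mini_str *s, int strict) {
    for (int i = s->slen - 1; i >= 0; i--) {
        if (isspace(s->data[i])) continue;
        if (strict ? s->mlen > i + 1 : s->mlen > i)
            s->data[i + 1] = '\0';
        s->slen = i + 1;
        return;
    }
    if (s->mlen > 0) s->data[0] = '\0';
    s->slen = 0;
}

/* Builds an exactly full string (slen == mlen) from text, with one extra
   canary byte after it. Returns 1 if trimming overwrote the canary. */
static int overruns(const char *text, int strict) {
    int n = (int)strlen(text);
    unsigned char *raw = malloc((size_t)n + 1);
    if (!raw) abort();
    memcpy(raw, text, (size_t)n);
    raw[n] = CANARY;                 /* sits at index mlen, outside the string */
    struct mini_str s = { n, n, raw };
    rtrim(&s, strict);
    int hit = raw[n] != CANARY;
    free(raw);
    return hit;
}

int main(void) {
    printf("full buffer, guard mlen > i:     %d\n", overruns("xxx", 0));
    printf("full buffer, guard mlen > i + 1: %d\n", overruns("xxx", 1));
    printf("trailing spaces, guard mlen > i: %d\n", overruns("x  ", 0));
    return 0;
}
```

In this model the stray write only happens when the buffer is exactly full and the last character is not whitespace; with trailing whitespace the terminator lands inside the allocation.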