[AD] Patch for rare buffer overflow of do_uconvert with tiny buffer sizes



The following program exposes a buffer overflow in current Allegro:

   #include <allegro.h>
   
   int main(int argc, char *argv[])
   {
      /* eight bytes plus NUL; only a size of 1 is offered to do_uconvert */
      char temp[] = "1234567\n";
      allegro_init();
      /* convert "yay" from ASCII to U_UNICODE into a 1-byte destination */
      do_uconvert("yay", U_ASCII, temp, U_UNICODE, 1);
      /* dump the first four bytes to see what was overwritten */
      allegro_message("(%d)(%d)(%d)(%d)\n",
         temp[0], temp[1], temp[2], temp[3]);
      return 0;
   }
   END_OF_MAIN()

Running it, you get the output "(0)(0)(51)(52)", where the second
byte has been overwritten because do_uconvert tries to write the NULL
string terminator, which in U_UNICODE has a length of two bytes. I
also found the undocumented behaviour of using a negative value for
size, which IMHO is a bad idea.

The following patch tries to remedy the buffer overflow with an
assertion in debug mode, and by using the correct sizes in the other
parts of the lib. If this patch is accepted, a documentation patch
will follow, documenting the requirement that size be positive and
big enough to hold at least the string's NULL terminator.

Running the example with the patch raises an assertion at line 666,
which is quite cool.

Attachment: do_uconvert_patch.diff.gz
Description: application/gunzip
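The failure mode described in the post, reduced to a stand-alone model so it can be run without Allegro. This is an added example, not Allegro's do_uconvert and not the attached patch: convert_unchecked() is a constructed ASCII-to-UCS-2 converter that mirrors the reported behaviour (copy what fits, then write the two-byte terminator unconditionally), and convert_checked() is the hardened form, which rejects a size that is not positive or is smaller than the terminator width and reserves the terminator before copying. The names, the TERM_WIDTH constant and the "1234567\n" backing array are assumptions made for the example; the backing array is deliberately larger than the size passed so the spill is observable instead of undefined behaviour.

```c
#include <stdint.h>
#include <stdio.h>

/* A UCS-2 terminator is two bytes, like Allegro's U_UNICODE (assumption for this model). */
#define TERM_WIDTH 2

/* Model of the reported bug: copies characters while they fit, then writes the
 * two-byte terminator unconditionally, even when size was 1 (or negative).
 * Returns the number of payload bytes written (not counting the terminator). */
int convert_unchecked(const char *src, uint8_t *dst, int size)
{
    int pos = 0;
    for (; *src; src++) {
        size -= 2;                 /* each UCS-2 unit costs two bytes */
        if (size < 0)
            break;
        dst[pos++] = (uint8_t)*src;
        dst[pos++] = 0;            /* high byte of the little-endian code unit */
    }
    dst[pos] = 0;                  /* terminator low byte */
    dst[pos + 1] = 0;              /* terminator high byte: spills when size < 2 */
    return pos;
}

/* Hardened model: a size that cannot hold the terminator (this also covers
 * size <= 0) is refused with -1; otherwise the terminator is reserved up front,
 * so truncation never removes it. Returns payload bytes written, or -1. */
int convert_checked(const char *src, uint8_t *dst, int size)
{
    if (size < TERM_WIDTH)
        return -1;
    int room = size - TERM_WIDTH;  /* bytes available for payload */
    int pos = 0;
    for (; *src && room >= 2; src++, room -= 2) {
        dst[pos++] = (uint8_t)*src;
        dst[pos++] = 0;
    }
    dst[pos] = 0;
    dst[pos + 1] = 0;
    return pos;
}

/* Reproduces the post's "(0)(0)(51)(52)": with size 1 nothing is copied, yet
 * the terminator lands on bytes 0 and 1. Returns 1 when byte 1 was clobbered. */
int demo_unchecked_clobbers_next_byte(void)
{
    uint8_t backing[] = "1234567\n";   /* constructed, like the post's temp[] */
    convert_unchecked("yay", backing, 1);
    return backing[0] == 0 && backing[1] == 0 && backing[2] == '3' && backing[3] == '4';
}

/* The checked converter refuses size 1 (and negative sizes) outright. */
int demo_checked_rejects_tiny_size(void)
{
    uint8_t backing[] = "1234567\n";
    int r1 = convert_checked("yay", backing, 1);
    int r2 = convert_checked("yay", backing, -4);
    return r1 == -1 && r2 == -1 && backing[1] == '2';  /* buffer untouched */
}

/* With size 4 only one code unit fits, and the terminator still lands inside
 * the buffer at bytes 2 and 3. Returns the payload length written. */
int demo_checked_truncates_but_terminates(void)
{
    uint8_t backing[] = "1234567\n";
    int n = convert_checked("yay", backing, 4);
    if (backing[2] != 0 || backing[3] != 0 || backing[4] != '5')
        return -1;
    return n;
}

int main(void)
{
    printf("unchecked clobbers next byte: %d\n", demo_unchecked_clobbers_next_byte());
    printf("checked rejects tiny size:    %d\n", demo_checked_rejects_tiny_size());
    printf("checked truncates, payload:   %d\n", demo_checked_truncates_but_terminates());
    return 0;
}
```

The check that matters is the one the post asks to document: the destination must have room for at least the terminator of the target encoding, and that width depends on the target type, not on the source. Reserving the terminator before the copy loop is what turns a silent overflow into a truncated, still-terminated result.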


