Closed
Description
When using the concatenate-and-assign operator `&=` on a fixed-length wstring buffer, the null terminator can be overwritten, causing a buffer overrun on a subsequent operation.
```freebasic
dim a as wstring * 5
dim b as wstring * 3 = "12"
a &= b
print len(a) '' 2
a &= b
print len(a) '' 4
a &= b
print len(a) '' 6 (a buffer overrun)
a &= b '' then segfault (most usually)
print len(a)
```
Appears to be due to wrong logic in fb_WstrConcatAssign(). Length of memory to write is clamped, but logic assumes last character is a null. Last character written to the buffer is not null if the source string is truncated. And no null character is explicitly written.
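The clamping flaw described above, modeled in C as an added example (not the FreeBASIC runtime's code, and not taken from `fb_WstrConcatAssign()` itself). The names `concat_assign_flawed`, `concat_assign_fixed`, `bounded_len` and `run_sequence` are hypothetical, and the flawed logic is an assumption reconstructed from the description.

```c
#include <stdio.h>
#include <string.h>
#include <wchar.h>

/* Bounded length: returns cap when no terminator exists inside the buffer. */
static size_t bounded_len(const wchar_t *s, size_t cap) {
    size_t i = 0;
    while (i < cap && s[i] != L'\0') i++;
    return i;
}

/* Assumed model of the flawed pattern: the copy length (terminator included)
   is clamped to the space left, so a truncated source puts a character,
   not a null, in the last slot. */
static void concat_assign_flawed(wchar_t *dst, size_t cap, const wchar_t *src) {
    size_t dst_len = bounded_len(dst, cap);
    size_t n = wcslen(src) + 1;               /* characters plus terminator */
    if (dst_len + n > cap) n = cap - dst_len; /* clamp may drop the terminator */
    memcpy(dst + dst_len, src, n * sizeof(wchar_t));
}

/* Corrected pattern: reserve one slot and always write the terminator. */
static void concat_assign_fixed(wchar_t *dst, size_t cap, const wchar_t *src) {
    if (cap == 0) return;
    size_t dst_len = bounded_len(dst, cap);
    if (dst_len >= cap) dst_len = cap - 1;    /* repair an unterminated buffer */
    size_t room = cap - 1 - dst_len;
    size_t n = wcslen(src);
    if (n > room) n = room;
    memcpy(dst + dst_len, src, n * sizeof(wchar_t));
    dst[dst_len + n] = L'\0';
}

/* Replays the issue's sequence: three appends of "12" into a 5-slot buffer.
   A result equal to the capacity (5) means the terminator was lost. */
static size_t run_sequence(int use_fixed) {
    wchar_t a[5] = {0};
    const wchar_t b[3] = L"12";
    for (int i = 0; i < 3; i++) {
        if (use_fixed) concat_assign_fixed(a, 5, b);
        else           concat_assign_flawed(a, 5, b);
    }
    return bounded_len(a, 5);
}

int main(void) {
    printf("flawed=%zu fixed=%zu\n", run_sequence(0), run_sequence(1));
    return 0;
}
```

The example measures length with a bounded scan so the unterminated state is detected without reading past the buffer.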