Fix passing non-terminated string to font functions.

The string that is built for hashing the escapements for missing
chars was not 0 terminated, leading to accesses past the string.
Depending on what followed an allocation that could lead to too long
strings being sent to the app_server for evaluation (where, due to
defensive programming, nothing bad would actually happen). In the
unfortunate case that nothing followed the allocation (i.e. end of
heap area), it could also lead to an application crash.

Therefore ensure 0 termination of the string, check for allocation
failure and use memcpy() instead of a for loop to copy the bytes from
one string to the other.
Michael Lotz 2011-12-06 15:46:36 +01:00
parent ded69b4c3a
commit fb3c47ebad

@ -133,15 +133,21 @@ WidthBuffer::StringWidth(const char* inText, int32 fromOffset,
int32 offset = textLen;
textLen += charLen;
numChars++;
text = (char*)realloc(text, textLen);
for (int32 x = 0; x < charLen; x++)
text[offset + x] = sourceText[x];
char* newText = (char*)realloc(text, textLen + 1);
if (newText == NULL) {
free(text);
return 0;
}
text = newText;
memcpy(&text[offset], sourceText, charLen);
}
}
if (text != NULL) {
// We've found some characters which aren't yet in the hash table.
// Get their width via HashEscapements()
text[textLen] = 0;
stringWidth += HashEscapements(text, numChars, textLen, index, inStyle);
free(text);
}
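
Review bot: The new allocation-failure branch (`if (newText == NULL) { free(text); return 0; }`) discards whatever `stringWidth` holds at that point and reports 0, which a caller cannot tell apart from an empty string. Consider returning the partial `stringWidth`, or documenting that 0 also signals out-of-memory. Since `memcpy()` is new in this function, it is also worth confirming that `<string.h>` is included in this file, as no include change is visible here. A smaller point: the buffer is still grown with one `realloc()` per missing character; if the number of bytes is known before the loop, a single allocation of that size plus one for the terminator would avoid the repeated reallocations and give the failure path a single place to live.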