CATEGORY: MITRE CWE-170: Improper Null Termination.

REFERENCE: https://cwe.mitre.org/data/definitions/170.html

EXPLANATION: The code has a couple of corner cases, so it is natural to focus on the algorithm and expect the bug to be there. However, the algorithm itself is fine. The defect is that the string, once reduced, is not terminated with a '\0' character.

CONSEQUENCES: Even though the string is processed correctly, its actual length is not reduced. For instance:

    char str[] = "The quick brown fox jumps over the lazy dog";
    reduce_string(str, 10, "..");

should return "The .. dog" but actually results in "The .. dogbrown fox jumps over the lazy dog".

BUGFIX: When the last byte has been processed, a string terminator needs to be inserted:

    if (excess_chars > 0) {
        ...
        // Append right part.
        int r = middle + to_be_dropped - to_be_dropped_half;
        while (p < max_len) {
            string[p++] = string[r++];
        }
        string[p] = '\0'; // <-- Bugfix!
    }

REMARKS: -
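The effect described under CONSEQUENCES can be reproduced with the self-contained program below. It is an added example, not the original reduce_string(): shorten(), sample_matches() and sample_length() are hypothetical names, and the in-place middle-replacement is a simplified stand-in that assumes the fill is a string.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration: shorten s in place to max_len characters by replacing
 * the middle with fill. Simplified stand-in, not the page's reduce_string().
 * With terminate == 0 it reproduces the CWE-170 defect. */
static size_t shorten(char *s, size_t max_len, const char *fill, int terminate)
{
    size_t len = strlen(s), fill_len = strlen(fill);
    if (len <= max_len || max_len < fill_len)
        return len;                         /* already fits, or fill cannot fit */

    size_t keep  = max_len - fill_len;      /* original characters that survive */
    size_t right = keep / 2;
    size_t p     = keep - right;            /* left part stays where it is */

    memcpy(s + p, fill, fill_len);          /* middle becomes the fill */
    p += fill_len;
    memmove(s + p, s + len - right, right); /* append right part */
    p += right;

    if (terminate)
        s[p] = '\0';                        /* the bugfix: p == max_len here */
    return strlen(s);                       /* what every later str* call sees */
}

/* Runs the page's sample input (constructed buffer); 1 if result == expected. */
static int sample_matches(int terminate, const char *expected)
{
    char str[] = "The quick brown fox jumps over the lazy dog";
    shorten(str, 10, "..", terminate);
    return strcmp(str, expected) == 0;
}

/* Length a caller observes after shortening the sample to 10 characters. */
static size_t sample_length(int terminate)
{
    char str[] = "The quick brown fox jumps over the lazy dog";
    return shorten(str, 10, "..", terminate);
}

int main(void)
{
    printf("without terminator: length %zu, truncated: %d\n",
           sample_length(0), sample_matches(0, "The .. dog"));
    printf("with terminator:    length %zu, truncated: %d\n",
           sample_length(1), sample_matches(1, "The .. dog"));
    return 0;
}
```

Because the string only shrinks, the original '\0' is still in the buffer, so the unterminated variant does not read out of bounds; it silently leaves the stale tail visible to every caller that relies on strlen().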