From fc384b16fb9787380746000d3cea2d53fccc548e Mon Sep 17 00:00:00 2001 From: Jim Meyering Date: Mon, 28 Feb 2011 12:18:57 +0100 Subject: do not infloop on a query ending in %XY, for invalid hex X or Y When a query ends in say %gg, (or any invalid hex) e.g., http://git.gnome.org/browse/gdlmm/commit/?id=%gg convert_query_hexchar calls memmove(txt, txt+3, 0), and then returns txt-1, so the loop in http_parse_querystring never terminates. The solution is to make the memmove also copy the trailing NUL. * html.c (convert_query_hexchar): Fix off-by-one error. Signed-off-by: Lars Hjemli --- html.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/html.c b/html.c index d86b2c1..5336596 100644 --- a/html.c +++ b/html.c @@ -249,7 +249,7 @@ char *convert_query_hexchar(char *txt) d1 = hextoint(*(txt+1)); d2 = hextoint(*(txt+2)); if (d1<0 || d2<0) { - memmove(txt, txt+3, n-3); + memmove(txt, txt+3, n-2); return txt-1; } else { *txt = d1 * 16 + d2; -- cgit 1.4.1