diff options
author | Mark Lodato | 2010-08-27 21:02:27 -0400 |
---|---|---|
committer | Lars Hjemli | 2010-08-29 17:27:40 +0200 |
commit | 48434780ca62fde84337ea1e797f642de5ca50d5 (patch) | |
tree | ad6a67137124a5ae70de10dd29e84bd6bf21c6ea | |
parent | t0108-patch: add 'tests_done' to end (diff) | |
download | cgit-48434780ca62fde84337ea1e797f642de5ca50d5.tar.gz cgit-48434780ca62fde84337ea1e797f642de5ca50d5.zip |
html: fix strcpy bug in convert_query_hexchar
The source and destination strings in strcpy() may not overlap. Instead, use memmove(), which allows overlap. This fixes test t0104, where 'url=foo%2bbar/tree' was being parsed improperly. Signed-off-by: Mark Lodato <lodatom@gmail.com>
-rw-r--r-- | html.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/html.c b/html.c index 66ba65d..d86b2c1 100644 --- a/html.c +++ b/html.c | |||
@@ -240,19 +240,20 @@ int hextoint(char c) | |||
240 | 240 | ||
241 | char *convert_query_hexchar(char *txt) | 241 | char *convert_query_hexchar(char *txt) |
242 | { | 242 | { |
243 | int d1, d2; | 243 | int d1, d2, n; |
244 | if (strlen(txt) < 3) { | 244 | n = strlen(txt); |
245 | if (n < 3) { | ||
245 | *txt = '\0'; | 246 | *txt = '\0'; |
246 | return txt-1; | 247 | return txt-1; |
247 | } | 248 | } |
248 | d1 = hextoint(*(txt+1)); | 249 | d1 = hextoint(*(txt+1)); |
249 | d2 = hextoint(*(txt+2)); | 250 | d2 = hextoint(*(txt+2)); |
250 | if (d1<0 || d2<0) { | 251 | if (d1<0 || d2<0) { |
251 | strcpy(txt, txt+3); | 252 | memmove(txt, txt+3, n-3); |
252 | return txt-1; | 253 | return txt-1; |
253 | } else { | 254 | } else { |
254 | *txt = d1 * 16 + d2; | 255 | *txt = d1 * 16 + d2; |
255 | strcpy(txt+1, txt+3); | 256 | memmove(txt+1, txt+3, n-2); |
256 | return txt; | 257 | return txt; |
257 | } | 258 | } |
258 | } | 259 | } |