Author: Mark Lodato <lodatom@gmail.com>
html: fix strcpy bug in convert_query_hexchar The source and destination strings in strcpy() may not overlap. Instead, use memmove(), which allows overlap. This fixes test t0104, where 'url=foo%2bbar/tree' was being parsed improperly. Signed-off-by: Mark Lodato <lodatom@gmail.com>
html.c | 9 +++++----
diff --git a/html.c b/html.c index 66ba65dcf6245d6e7d78ccd3d8ac1f57376fb7d8..d86b2c16985053c3d539a7ee0d89bcd15d56375b 100644 --- a/html.c +++ b/html.c @@ -240,19 +240,20 @@ } char *convert_query_hexchar(char *txt) { - int d1, d2; - if (strlen(txt) < 3) { + int d1, d2, n; + n = strlen(txt); + if (n < 3) { *txt = '\0'; return txt-1; } d1 = hextoint(*(txt+1)); d2 = hextoint(*(txt+2)); if (d1<0 || d2<0) { - strcpy(txt, txt+3); + memmove(txt, txt+3, n-3); return txt-1; } else { *txt = d1 * 16 + d2; - strcpy(txt+1, txt+3); + memmove(txt+1, txt+3, n-2); return txt; } }