aboutsummaryrefslogtreecommitdiffstats
path: root/html.c
diff options
context:
space:
mode:
authorGravatar Mark Lodato <lodatom@gmail.com>2010-08-28 10:02:27 (JST)
committerGravatar Lars Hjemli <hjemli@gmail.com>2010-08-30 00:27:40 (JST)
commit48434780ca62fde84337ea1e797f642de5ca50d5 (patch)
treead6a67137124a5ae70de10dd29e84bd6bf21c6ea /html.c
parentc94414a4c8cd099f5737e8b4066693d07ce78f61 (diff)
downloadcgit-48434780ca62fde84337ea1e797f642de5ca50d5.zip
cgit-48434780ca62fde84337ea1e797f642de5ca50d5.tar.gz
html: fix strcpy bug in convert_query_hexchar
The source and destination strings in strcpy() may not overlap. Instead, use memmove(), which allows overlap. This fixes test t0104, where 'url=foo%2bbar/tree' was being parsed improperly. Signed-off-by: Mark Lodato <lodatom@gmail.com>
Diffstat (limited to 'html.c')
-rw-r--r--html.c9
1 files changed, 5 insertions, 4 deletions
diff --git a/html.c b/html.c
index 66ba65d..d86b2c1 100644
--- a/html.c
+++ b/html.c
@@ -240,19 +240,20 @@ int hextoint(char c)
240 240
241char *convert_query_hexchar(char *txt) 241char *convert_query_hexchar(char *txt)
242{ 242{
243 int d1, d2; 243 int d1, d2, n;
244 if (strlen(txt) < 3) { 244 n = strlen(txt);
245 if (n < 3) {
245 *txt = '\0'; 246 *txt = '\0';
246 return txt-1; 247 return txt-1;
247 } 248 }
248 d1 = hextoint(*(txt+1)); 249 d1 = hextoint(*(txt+1));
249 d2 = hextoint(*(txt+2)); 250 d2 = hextoint(*(txt+2));
250 if (d1<0 || d2<0) { 251 if (d1<0 || d2<0) {
251 strcpy(txt, txt+3); 252 memmove(txt, txt+3, n-3);
252 return txt-1; 253 return txt-1;
253 } else { 254 } else {
254 *txt = d1 * 16 + d2; 255 *txt = d1 * 16 + d2;
255 strcpy(txt+1, txt+3); 256 memmove(txt+1, txt+3, n-2);
256 return txt; 257 return txt;
257 } 258 }
258} 259}