diff options
author | Mark Lodato <lodatom@gmail.com> | 2010-08-28 10:02:27 (JST) |
---|---|---|
committer | Lars Hjemli <hjemli@gmail.com> | 2010-08-30 00:27:40 (JST) |
commit | 48434780ca62fde84337ea1e797f642de5ca50d5 (patch) | |
tree | ad6a67137124a5ae70de10dd29e84bd6bf21c6ea /html.c | |
parent | c94414a4c8cd099f5737e8b4066693d07ce78f61 (diff) | |
download | cgit-48434780ca62fde84337ea1e797f642de5ca50d5.zip cgit-48434780ca62fde84337ea1e797f642de5ca50d5.tar.gz |
html: fix strcpy bug in convert_query_hexchar
The source and destination strings in strcpy() may not overlap.
Instead, use memmove(), which allows overlap. This fixes test t0104,
where 'url=foo%2bbar/tree' was being parsed improperly.
Signed-off-by: Mark Lodato <lodatom@gmail.com>
Diffstat (limited to 'html.c')
-rw-r--r-- | html.c | 9 |
1 files changed, 5 insertions, 4 deletions
@@ -240,19 +240,20 @@ int hextoint(char c) | |||
240 | 240 | ||
241 | char *convert_query_hexchar(char *txt) | 241 | char *convert_query_hexchar(char *txt) |
242 | { | 242 | { |
243 | int d1, d2; | 243 | int d1, d2, n; |
244 | if (strlen(txt) < 3) { | 244 | n = strlen(txt); |
245 | if (n < 3) { | ||
245 | *txt = '\0'; | 246 | *txt = '\0'; |
246 | return txt-1; | 247 | return txt-1; |
247 | } | 248 | } |
248 | d1 = hextoint(*(txt+1)); | 249 | d1 = hextoint(*(txt+1)); |
249 | d2 = hextoint(*(txt+2)); | 250 | d2 = hextoint(*(txt+2)); |
250 | if (d1<0 || d2<0) { | 251 | if (d1<0 || d2<0) { |
251 | strcpy(txt, txt+3); | 252 | memmove(txt, txt+3, n-3); |
252 | return txt-1; | 253 | return txt-1; |
253 | } else { | 254 | } else { |
254 | *txt = d1 * 16 + d2; | 255 | *txt = d1 * 16 + d2; |
255 | strcpy(txt+1, txt+3); | 256 | memmove(txt+1, txt+3, n-2); |
256 | return txt; | 257 | return txt; |
257 | } | 258 | } |
258 | } | 259 | } |