html: fix strcpy bug in convert_query_hexchar
authorMark Lodato <lodatom@gmail.com>
Sat, 28 Aug 2010 01:02:27 +0000 (21:02 -0400)
committerLars Hjemli <hjemli@gmail.com>
Sun, 29 Aug 2010 15:27:40 +0000 (17:27 +0200)
The source and destination strings in strcpy() may not overlap.
Instead, use memmove(), which allows overlap.  This fixes test t0104,
where 'url=foo%2bbar/tree' was being parsed improperly.

Signed-off-by: Mark Lodato <lodatom@gmail.com>
html.c

diff --git a/html.c b/html.c
index 66ba65dcf6245d6e7d78ccd3d8ac1f57376fb7d8..d86b2c16985053c3d539a7ee0d89bcd15d56375b 100644 (file)
--- a/html.c
+++ b/html.c
@@ -240,19 +240,20 @@ int hextoint(char c)
 
 char *convert_query_hexchar(char *txt)
 {
-       int d1, d2;
-       if (strlen(txt) < 3) {
+       int d1, d2, n;
+       n = strlen(txt);
+       if (n < 3) {
                *txt = '\0';
                return txt-1;
        }
        d1 = hextoint(*(txt+1));
        d2 = hextoint(*(txt+2));
        if (d1<0 || d2<0) {
-               strcpy(txt, txt+3);
+               memmove(txt, txt+3, n-3);
                return txt-1;
        } else {
                *txt = d1 * 16 + d2;
-               strcpy(txt+1, txt+3);
+               memmove(txt+1, txt+3, n-2);
                return txt;
        }
 }