about summary refs log tree commit diff
path: root/html.c
diff options
context:
space:
mode:
authorMark Lodato <lodatom@gmail.com>2010-08-27 21:02:27 -0400
committerLars Hjemli <hjemli@gmail.com>2010-08-29 17:27:40 +0200
commit48434780ca62fde84337ea1e797f642de5ca50d5 (patch)
treead6a67137124a5ae70de10dd29e84bd6bf21c6ea /html.c
parentc94414a4c8cd099f5737e8b4066693d07ce78f61 (diff)
downloadcgit-pink-48434780ca62fde84337ea1e797f642de5ca50d5.tar.gz
cgit-pink-48434780ca62fde84337ea1e797f642de5ca50d5.zip
html: fix strcpy bug in convert_query_hexchar
The source and destination strings in strcpy() may not overlap.
Instead, use memmove(), which allows overlap.  This fixes test t0104,
where 'url=foo%2bbar/tree' was being parsed improperly.

Signed-off-by: Mark Lodato <lodatom@gmail.com>
Diffstat (limited to 'html.c')
-rw-r--r--html.c9
1 files changed, 5 insertions, 4 deletions
diff --git a/html.c b/html.c
index 66ba65d..d86b2c1 100644
--- a/html.c
+++ b/html.c
@@ -240,19 +240,20 @@ int hextoint(char c)
 
 char *convert_query_hexchar(char *txt)
 {
-	int d1, d2;
-	if (strlen(txt) < 3) {
+	int d1, d2, n;
+	n = strlen(txt);
+	if (n < 3) {
 		*txt = '\0';
 		return txt-1;
 	}
 	d1 = hextoint(*(txt+1));
 	d2 = hextoint(*(txt+2));
 	if (d1<0 || d2<0) {
-		strcpy(txt, txt+3);
+		memmove(txt, txt+3, n-3);
 		return txt-1;
 	} else {
 		*txt = d1 * 16 + d2;
-		strcpy(txt+1, txt+3);
+		memmove(txt+1, txt+3, n-2);
 		return txt;
 	}
 }