mirror of
https://git.zx2c4.com/cgit
synced 2024-11-10 02:28:41 +00:00
html.c: avoid out-of-bounds access for url_escape_table
This fixes a segfault for me with with -O2 optimization on x86 with gcc (Debian 4.4.5-8) 4.4.5 I can reliably reproduce it with the following parameters when pointed to the git.git repository: PATH_INFO='/git-core.git/diff/' QUERY_STRING='id=2b93bfac0f5bcabbf60f174f4e7bfa9e318e64d5&id2=d6da71a9d16b8cf27f9d8f90692d3625c849cbc8' Signed-off-by: Eric Wong <normalperson@yhbt.net> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
This commit is contained in:
parent
877ff68100
commit
9cae75d040
4
html.c
4
html.c
@ -162,7 +162,7 @@ void html_url_path(const char *txt)
|
|||||||
{
|
{
|
||||||
const char *t = txt;
|
const char *t = txt;
|
||||||
while(t && *t){
|
while(t && *t){
|
||||||
int c = *t;
|
unsigned char c = *t;
|
||||||
const char *e = url_escape_table[c];
|
const char *e = url_escape_table[c];
|
||||||
if (e && c!='+' && c!='&') {
|
if (e && c!='+' && c!='&') {
|
||||||
html_raw(txt, t - txt);
|
html_raw(txt, t - txt);
|
||||||
@ -179,7 +179,7 @@ void html_url_arg(const char *txt)
|
|||||||
{
|
{
|
||||||
const char *t = txt;
|
const char *t = txt;
|
||||||
while(t && *t){
|
while(t && *t){
|
||||||
int c = *t;
|
unsigned char c = *t;
|
||||||
const char *e = url_escape_table[c];
|
const char *e = url_escape_table[c];
|
||||||
if (c == ' ')
|
if (c == ' ')
|
||||||
e = "+";
|
e = "+";
|
||||||
|
Loading…
Reference in New Issue
Block a user