uri decode: fix for warning "use of uninitialised value"

This patch add check in evhttp_decode_uri_internal() that next 2 symbols
are exists in array of chars for decoding, if don't have two next 2
symbols don't try to decode '%FF'

diff --git a/http.c b/http.c
index b94fed8c93ebc502d2b7190f6c3894c1934b8ec5..ff331e6c0b0b2276ff6655ab20297d5a24b7ca3a 100644 (file)
--- a/http.c
+++ b/http.c
@@ -2889,8 +2889,8 @@ evhttp_decode_uri_internal(
                                decode_plus = 1;
                } else if (c == '+' && decode_plus) {
                        c = ' ';
-               } else if (c == '%' && EVUTIL_ISXDIGIT_(uri[i+1]) &&
-                   EVUTIL_ISXDIGIT_(uri[i+2])) {
+               } else if (length > 2 && i < (length - 2) && c == '%' &&
+                       EVUTIL_ISXDIGIT_(uri[i+1]) && EVUTIL_ISXDIGIT_(uri[i+2])) {
                        char tmp[3];
                        tmp[0] = uri[i+1];
                        tmp[1] = uri[i+2];