From d8c62064ba606b88056ff6f2a3b1adae2d19727f Mon Sep 17 00:00:00 2001
From: Ruediger Pluem
Date: Wed, 24 Jan 2007 21:08:44 +0000
Subject: [PATCH] * Fix a off-by-one error in parse_format_tag in the case that the last character of the string to which *sa points is a %. In this case the while loop in parse_format_string would call parse_format_tag with a pointer to a memory region that starts one byte after the string to which s in parse_format_string points to.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@499567 13f79535-47bb-0310-9956-ffa450edef68
---
 modules/metadata/mod_headers.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/modules/metadata/mod_headers.c b/modules/metadata/mod_headers.c
index c7b2fc5d34..e139b5db9f 100644
--- a/modules/metadata/mod_headers.c
+++ b/modules/metadata/mod_headers.c
@@ -309,7 +309,9 @@ static char *parse_format_tag(apr_pool_t *p, format_tag *tag, const char **sa)
 if ((*s == '%') || (*s == '\0')) {
 tag->func = constant_item;
 tag->arg = "%";
- *sa = ++s;
+ if (*s)
+ s++;
+ *sa = s;
 return NULL;
 }
-- 
2.40.0
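Review bot: The added `if (*s)` guard in parse_format_tag has no braces and no comment, so the reason the pointer must stay on the terminator is recorded only in the commit message. I would write it as `if (*s) { s++; }` with a comment above it such as `/* a trailing '%' leaves s on the NUL; do not step past it, the caller continues parsing from *sa */`. The rest of parse_format_tag lies outside the hunk, so the other places that advance `s` cannot be checked from here and may deserve the same end-of-string look. A regression test with a format string that ends in a lone `%` would pin the corrected behaviour.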