From f74f63109cdf9217f98e4675a8c40b4534bbdeef Mon Sep 17 00:00:00 2001
From: Matthew Fernandez <matthew.fernandez@gmail.com>
Date: Fri, 9 Dec 2022 20:50:53 -0800
Subject: [PATCH] common protect_rsqb: avoid accessing agxbuf internals

Avoiding this will ease some upcoming changes.

Gitlab: #2302
---
 lib/common/htmllex.c | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/lib/common/htmllex.c b/lib/common/htmllex.c
index a69e62966..02ad93ea0 100644
--- a/lib/common/htmllex.c
+++ b/lib/common/htmllex.c
@@ -897,15 +897,20 @@ static void protect_rsqb(agxbuf *xb) {
     return;
   }
 
-  // if the buffer does not end in a ], we have nothing to do
-  if (xb->ptr[-1] != ']') {
+  // check the last character and if it is not ], we have nothing to do
+  char *data = agxbuse(xb);
+  size_t size = strlen(data);
+  assert(size > 0);
+  if (data[size - 1] != ']') {
+    agxbput_move(xb, data);
     return;
   }
 
-  // rewind over the ]
-  --xb->ptr;
+  // truncate ] and write back the remaining prefix
+  data[size - 1] = '\0';
+  agxbput_move(xb, data);
 
-  // write an XML-escaped version of ]
+  // write an XML-escaped version of ] as a replacement
   agxbput(xb, "&#93;");
 }
 #endif
-- 
2.40.0