From 751b34ac0cc1a39e8232aeaaa3c04295b0ec503f Mon Sep 17 00:00:00 2001
Message-Id: <751b34ac0cc1a39e8232aeaaa3c04295b0ec503f.1714845909.git.mdw@distorted.org.uk>
From: Mark Wooding
Date: Tue, 15 Dec 2015 19:15:23 +0000
Subject: [PATCH] lib/cgi.c (cgi__input): Write terminating null within allocated buffer.
Organization: Straylight/Edgeware
From: Mark Wooding
This one's been there forever. It sometimes results in `malloc' reporting a (rather impressive) assertion failure disorder: malloc.c:3096: sYSMALLOc: Assertion `(old_top == (((mbinptr) (((char *) &((av)->bins[((1) - 1) * 2])) - __builtin_offsetof (struct malloc_chunk, fd)))) && old_size == 0) || ((unsigned long) (old_size) >= (unsigned long)((((__builtin_offsetof (struct malloc_chunk, fd_nextsize))+((2 * (sizeof(size_t))) - 1)) & ~((2 * (sizeof(size_t))) - 1))) && ((old_top)->size & 0x1) && ((unsigned long)old_end & pagemask) == 0)' failed. often after producing the beginning of the output page, so the end user gets a blank window. Not really what we want. This fix closes issue #57.
---
 lib/cgi.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/cgi.c b/lib/cgi.c
index 9fd42f1..023c5bb 100644
--- a/lib/cgi.c
+++ b/lib/cgi.c
@@ -75,7 +75,7 @@ static void cgi__input(char **ptrp, size_t *np) {
 }
 if(memchr(q, 0, n))
 disorder_fatal(0, "null character in request body");
- q[n + 1] = 0;
+ q[n] = 0;
 *ptrp = q;
 if(np)
 *np = n;
-- [mdw]
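Review bot: The corrected store `q[n] = 0;` is in bounds only if `q` holds at least `n + 1` bytes, and the allocation that establishes this sits above the hunk, so it cannot be confirmed from the visible lines. A comment on the store, for example `/* q has n + 1 bytes; q[n] is the terminator slot */`, would record the invariant and make the off-by-one harder to reintroduce. Since `n` presumably comes from the request's declared body length, it is also worth confirming that the size computation rejects a value for which `n + 1` wraps to zero before the buffer is allocated. cgi__input starts and ends outside the hunk.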