Fix possible buffer overrun in rfc1738 encoder

diff --git a/lib/rfc1738.c b/lib/rfc1738.c
index 8e8fbafc6732a7c2c4e382cd5fcdf33bc7cbf261..1ea1a765e7883c6589eebd7f7daff74b70614341 100644 (file)
--- a/lib/rfc1738.c
+++ b/lib/rfc1738.c
@@ -98,7 +98,7 @@ rfc1738_do_escape(const char *url, int encode_reserved)
        bufsize = strlen(url) * 3 + 1;
        buf = xcalloc(bufsize, 1);
     }
-    for (p = url, q = buf; *p != '\0'; p++, q++) {
+    for (p = url, q = buf; *p != '\0' && q < (buf + bufsize - 1); p++, q++) {
        do_escape = 0;
 
        /* RFC 1738 defines these chars as unsafe */