From 6688b08c7b4c502ed905c9b46c1f957a96320443 Mon Sep 17 00:00:00 2001
From: Vsevolod Stakhov
Date: Tue, 12 Aug 2014 12:51:48 +0100
Subject: [PATCH] Fix buffer overrun when HTML exceptions are used.
---
 src/tokenizers/tokenizers.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/tokenizers/tokenizers.c b/src/tokenizers/tokenizers.c
index eb7a489e5b..6598d66e85 100644
--- a/src/tokenizers/tokenizers.c
+++ b/src/tokenizers/tokenizers.c
@@ -137,11 +137,12 @@ get_next_word (f_str_t * buf, f_str_t * token, GList **exceptions)
 token->len = 0;
- remain = buf->len - (token->begin - buf->begin);
- if (remain == 0) {
+ pos = token->begin - buf->begin;
+ if (pos >= buf->len) {
 return NULL;
 }
- pos = token->begin - buf->begin;
+
+ remain = buf->len - pos;
 p = token->begin;
 /* Skip non delimiters symbols */
 do {
-- 
2.47.3
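Review bot: The new guard `if (pos >= buf->len)` in get_next_word rejects a token->begin that already lies past the buffer, but only after that out-of-range pointer has been formed and subtracted, which C leaves undefined once a pointer is more than one element past the end. The code that advances token->begin is outside this hunk (the subject suggests the HTML-exception skip), so the advance should probably be clamped to the end of buf there as well. The declarations of pos and remain are also not visible; it is worth confirming that the comparison runs in unsigned arithmetic, so that a begin pointer below buf->begin is rejected too. I would add a comment above the check, for example `/* token->begin may be past the end of buf after an exception skip; test pos before computing remain so the subtraction cannot wrap */`. The function body starts before and continues past the hunk.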