From e5cc9b33aabceff79b0b96a7fbe343d4df0491ed Mon Sep 17 00:00:00 2001 From: Tim Kientzle Date: Wed, 28 May 2008 18:16:53 -0400 Subject: [PATCH] Minor code hardening; check that two bytes following '%' are non-NULL before we try to use them. SVN-Revision: 100 --- libarchive/archive_read_support_format_tar.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libarchive/archive_read_support_format_tar.c b/libarchive/archive_read_support_format_tar.c index 6d7f048a4..7bd840d62 100644 --- a/libarchive/archive_read_support_format_tar.c +++ b/libarchive/archive_read_support_format_tar.c @@ -2362,7 +2362,7 @@ url_decode(const char *in) if (out == NULL) return (NULL); for (s = in, d = out; *s != '\0'; ) { - if (*s == '%') { + if (s[0] == '%' && s[1] != '\0' && s[2] != '\0') { /* Try to convert % escape */ int digit1 = tohex(s[1]); int digit2 = tohex(s[2]); -- 2.47.3