url: do not read past end of buffer
diff --git a/url.c b/url.c
index 25576c390baa79cb0a203d7f682e8f3442f91a60..9ea9d5611b73c024b42b0808841a143d50905b14 100644 (file)
--- a/url.c
+++ b/url.c
@@ -46,7 +46,7 @@ static char *url_decode_internal(const char **query, int len,
                        break;
                }
 
-               if (c == '%') {
+               if (c == '%' && (len < 0 || len >= 3)) {
                        int val = hex2chr(q + 1);
                        if (0 <= val) {
                                strbuf_addch(out, val);
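Review bot: The context line `if (0 <= val) {` just below the new length guard still accepts `val == 0`, so an input containing `%00` makes `strbuf_addch(out, val)` append a NUL byte to the decoded string. If callers treat the result as a C string (they are not visible here), everything after that byte is silently truncated, and code that checked the encoded form may then act on a different value. Consider `if (0 < val) {`, so that `%00` is handled like any other undecodable escape by the code below the hunk. The new condition would also benefit from a comment, assuming a negative `len` really means the input is NUL-terminated: `/* len < 0: NUL-terminated input; otherwise an escape needs '%' plus two hex digits */`. The body of url_decode_internal starts and ends outside this hunk.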