# HG changeset patch
# User Yoshiki Yazawa <yaz@honeyplanet.jp>
# Date 1246758027 -32400
# Node ID 5a22c65d019ca0b854b81c854b8ef214f04299af
# Parent  aa1f0dd1a723188f2c7dc24036e3fed2be9b7c79
fix for memory overrun

diff -r aa1f0dd1a723 -r 5a22c65d019c util.c
--- a/util.c	Thu Jul 02 15:54:44 2009 +0900
+++ b/util.c	Sun Jul 05 10:40:27 2009 +0900
@@ -77,10 +77,12 @@
 
     const gchar *ptr, *ent;
     gchar *ptr2;
+    gint srclen;
     gint entlen;
 
     /* unescape &x; */
-    html = g_malloc0(strlen(src) + 1);
+    srclen = strlen(src);
+    html = g_malloc0(srclen + 1);
     ptr2 = html;
     for(ptr = src; *ptr; ) {
         if(*ptr == '&') {
@@ -98,6 +100,8 @@
         else {
             *ptr2++ = *ptr++;
         }
+        if(ptr2 - html > srclen)
+            break;
     } /* for */
 
     str = g_strdup("\0");