From 654adaf82abd0c09e3aeaaac0d5442fa08617ebb Mon Sep 17 00:00:00 2001
From: Andy Green <andy@warmcat.com>
Date: Mon, 16 Apr 2018 05:57:18 +0800
Subject: [PATCH] spa: fix potential overrun

---
 lib/roles/http/server/lws-spa.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/lib/roles/http/server/lws-spa.c b/lib/roles/http/server/lws-spa.c
index bc5acff5..b3ed050c 100644
--- a/lib/roles/http/server/lws-spa.c
+++ b/lib/roles/http/server/lws-spa.c
@@ -244,12 +244,13 @@ retry_as_first:
 				n = 0;
 				if (!s->boundary_real_crlf)
 					n = 2;
-
-				memcpy(s->out + s->pos, s->mime_boundary + n,
-				       s->mp - n);
-				s->pos += s->mp;
-				s->mp = 0;
-				goto retry_as_first;
+				if (s->mp >= n) {
+					memcpy(s->out + s->pos,
+					       s->mime_boundary + n, s->mp - n);
+					s->pos += s->mp;
+					s->mp = 0;
+					goto retry_as_first;
+				}
 			}
 
 			s->out[s->pos++] = *in;