From a9a987942d0121a9098ab155dcfe0e01318c0db3 Mon Sep 17 00:00:00 2001
From: "Alfred E. Heggestad" <aeh@db.org>
Date: Sat, 30 Jan 2016 00:27:18 +0000
Subject: [PATCH] uri: fix buffer overflow

---
 src/uri/uric.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/uri/uric.c b/src/uri/uric.c
index e00350d..1d97dfe 100644
--- a/src/uri/uric.c
+++ b/src/uri/uric.c
@@ -172,7 +172,7 @@ static int comp_unescape(struct re_printf *pf, const struct pl *pl, esc_h *eh)
 		}
 
 		if ('%' == c) {
-			if (i < (pl->l - 2)) {
+			if (i+2 < pl->l) {
 				const uint8_t hi = ch_hex(pl->p[++i]);
 				const uint8_t lo = ch_hex(pl->p[++i]);
 				const char b = hi<<4 | lo;