Fix off-by-one error in launch_other_browser

quote+1 has length one less than quote, so asking memmove() to move
strlen(quote)+1 bytes (including the \0) starting at quote+1 results in
writing one byte beyond the end of the memory area.  Found by valgrind.

diff --git a/launcher.c b/launcher.c
index d9fa584..24dff0a 100644 (file)
--- a/launcher.c
+++ b/launcher.c
@@ -154,7 +154,7 @@ static void launch_other_browser(struct swb_context *ctx, char *uri) {
 
                        /* Move the string after the ', including the \0,
                           over two chars */
 
                        /* Move the string after the ', including the \0,
                           over two chars */

-                       memmove(quote+3, quote+1, strlen(quote)+1);
+                       memmove(quote+3, quote+1, strlen(quote));

                        memcpy(quote, "%27", 3);
                        quote = quote + 3;
                }
                        memcpy(quote, "%27", 3);
                        quote = quote + 3;
                }