From 5d87635c66aaa01bdf95f6b093b66c3d2768b696 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20R=C3=BChsen?=
Date: Mon, 25 Mar 2019 16:05:47 +0100
Subject: [PATCH] Fix corner case in processing server response

* src/http.c (response_head_terminator): Don't access uninitialized data
* fuzz/wget_read_hunk_fuzzer.c: Sync response_head_terminator()
---
 fuzz/wget_read_hunk_fuzzer.c | 2 +-
 src/http.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/fuzz/wget_read_hunk_fuzzer.c b/fuzz/wget_read_hunk_fuzzer.c
index 3a17fc51..800cebd2 100644
--- a/fuzz/wget_read_hunk_fuzzer.c
+++ b/fuzz/wget_read_hunk_fuzzer.c
@@ -170,7 +170,7 @@ response_head_terminator (const char *start, const char *peeked, int peeklen)
 return p + 2;
 }
 /* p==end-2: check for \n\n directly preceding END. */
- if (p[0] == '\n' && p[1] == '\n')
+ if (peeklen >= 2 && p[0] == '\n' && p[1] == '\n')
 return p + 2;

 return NULL;
diff --git a/src/http.c b/src/http.c
index 304a2f86..289d1101 100644
--- a/src/http.c
+++ b/src/http.c
@@ -553,7 +553,7 @@ response_head_terminator (const char *start, const char *peeked, int peeklen)
 return p + 2;
 }
 /* p==end-2: check for \n\n directly preceding END. */
- if (p[0] == '\n' && p[1] == '\n')
+ if (peeklen >= 2 && p[0] == '\n' && p[1] == '\n')
 return p + 2;

 return NULL;
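Review bot: The added `peeklen >= 2` guard on the final `\n\n` check bounds the read by the size of the latest peek rather than by the number of bytes left between `p` and the end of the buffer, while the comment above it still states `p==end-2` unconditionally. The function body starts outside the hunk, so how `p` is positioned is not visible here. If the scan can start before `peeked` to catch a terminator split across reads, a 1-byte peek whose newline completes a `\n\n` begun in already-read data would now go undetected until more data arrives. Writing the condition as a remaining-length test, e.g. `if (end - p >= 2 && p[0] == '\n' && p[1] == '\n')` (assuming `end` is the local the comment refers to), would reject the short-buffer case without that side effect, and the comment could become `/* If two bytes remain, p==end-2: check for \n\n directly preceding END. */`. The same applies to the identical hunk in src/http.c.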