From 43700ddc5848efaaee49c77b4cd6e2e27774755d Mon Sep 17 00:00:00 2001
From: Valentin Bartenev
Date: Thu, 25 Jul 2019 20:17:42 +0300
Subject: [PATCH] Fixed one byte overread in njs_string_to_c_string().

Short strings are packed quite tight in njs_value_t, so there's no one more byte to test.

struct { njs_value_type_t type:8; uint8_t size:4; uint8_t length:4; u_char start[14]; } short_string;

With 14 bytes string this occupies 16 bytes, which is equal to sizeof(njs_value_t).
---
 njs/njs_string.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/njs/njs_string.c b/njs/njs_string.c
index 31ca7b22..6425d0af 100644
--- a/njs/njs_string.c
+++ b/njs/njs_string.c
@@ -3906,10 +3906,7 @@ njs_string_to_c_string(njs_vm_t *vm, njs_value_t *value)
     start = value->short_string.start;
     size = value->short_string.size;
 
-    if (start[size] == '\0') {
-        return start;
-
-    } else if (size < NJS_STRING_SHORT) {
+    if (size < NJS_STRING_SHORT) {
         start[size] = '\0';
         return start;
     }
-- 
2.47.3
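Review bot: The in-bounds guarantee of the surviving write `start[size] = '\0';` now rests entirely on NJS_STRING_SHORT matching the declared length of `short_string.start` (14 bytes per the commit message), but nothing in the hunk ties the two together, so a later change to either would silently reintroduce the one-past-the-end access the commit removes, this time as a write into the neighbouring bytes of the njs_value_t rather than a read. A short comment on the new `if` line would record the invariant, e.g. `/* size < NJS_STRING_SHORT keeps start[size] inside short_string.start; there is no spare byte past it */`, and a compile-time check such as `_Static_assert(sizeof(value->short_string.start) == NJS_STRING_SHORT, "short string has no room for a terminator")` (or the project's own equivalent, if the build is not C11) would enforce it. It is also worth stating next to the write that it modifies the value in place, since short strings are stored inline in njs_value_t rather than referenced. njs_string_to_c_string() begins before the hunk, and the path taken when size equals NJS_STRING_SHORT continues after it.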