From 682f902c84c6d523ca47349867b59ff7b6bfa1df Mon Sep 17 00:00:00 2001
From: Igor Sysoev <igor@sysoev.ru>
Date: Wed, 31 Aug 2016 19:18:47 +0300
Subject: [PATCH] A fix in decodeURI() function.

---
 njs/njs_string.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/njs/njs_string.c b/njs/njs_string.c
index 5a0d5504..d47d6b49 100644
--- a/njs/njs_string.c
+++ b/njs/njs_string.c
@@ -2355,7 +2355,10 @@ njs_string_decode(njs_vm_t *vm, njs_value_t *value, const uint32_t *reserve)
         byte = *src++;
 
         if (byte == '%') {
-            if (size < 3) {
+
+            size -= 2;
+
+            if (size == 0) {
                 goto uri_error;
             }
 
@@ -2372,7 +2375,6 @@ njs_string_decode(njs_vm_t *vm, njs_value_t *value, const uint32_t *reserve)
             byte = (d0 << 4) + d1;
 
             if ((reserve[byte >> 5] & ((uint32_t) 1 << (byte & 0x1f))) == 0) {
-                size -= 2;
                 n += 2;
             }
         }
-- 
2.47.3