From 65abf31f226588d7eb3315d8b07449b4cb7f22bf Mon Sep 17 00:00:00 2001
From: Vsevolod Stakhov <vsevolod@highsecure.ru>
Date: Tue, 12 Aug 2014 12:51:48 +0100
Subject: [PATCH] Fix buffer overrun when HTML exceptions are used.

---
 src/tokenizers/tokenizers.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/tokenizers/tokenizers.c b/src/tokenizers/tokenizers.c
index 43dcfac82..040c1dd79 100644
--- a/src/tokenizers/tokenizers.c
+++ b/src/tokenizers/tokenizers.c
@@ -137,11 +137,12 @@ get_next_word (f_str_t * buf, f_str_t * token, GList **exceptions)
 
 	token->len = 0;
 
-	remain = buf->len - (token->begin - buf->begin);
-	if (remain == 0) {
+	pos = token->begin - buf->begin;
+	if (pos >= buf->len) {
 		return NULL;
 	}
-	pos = token->begin - buf->begin;
+
+	remain = buf->len - pos;
 	p = token->begin;
 	/* Skip non delimiters symbols */
 	do {
-- 
2.39.5