From 144ed4c10c3e73fb35b4a875377d5793e34201ee Mon Sep 17 00:00:00 2001
From: Sebastian Dransfeld <sebastian.dransfeld@sintef.no>
Date: Wed, 7 Aug 2013 11:55:22 +0200
Subject: [PATCH] efreet: Fix buffer overrun, leave space for '\0'

CID: #1039304, #1039305 and #1039306
---
 src/lib/efreet/efreet_uri.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/lib/efreet/efreet_uri.c b/src/lib/efreet/efreet_uri.c
index 20ebe391b0..236f7e519c 100644
--- a/src/lib/efreet/efreet_uri.c
+++ b/src/lib/efreet/efreet_uri.c
@@ -38,7 +38,7 @@ efreet_uri_decode(const char *full_uri)
 
     /* parse protocol */
     p = full_uri;
-    for (i = 0; *p != ':' && *p != '\0' && i < 64; p++, i++)
+    for (i = 0; *p != ':' && *p != '\0' && i < (64 - 1); p++, i++)
          protocol[i] = *p;
     protocol[i] = '\0';
 
@@ -46,7 +46,7 @@ efreet_uri_decode(const char *full_uri)
     p += 3;
     if (*p != '/')
     {
-        for (i = 0; *p != '/' && *p != '\0' && i < _POSIX_HOST_NAME_MAX; p++, i++)
+        for (i = 0; *p != '/' && *p != '\0' && i < (_POSIX_HOST_NAME_MAX - 1); p++, i++)
             hostname[i] = *p;
         hostname[i] = '\0';
     }
@@ -55,7 +55,7 @@ efreet_uri_decode(const char *full_uri)
 
     /* parse path */
     /* See http://www.faqs.org/rfcs/rfc1738.html for the escaped chars */
-    for (i = 0; *p != '\0' && i < PATH_MAX; i++, p++)
+    for (i = 0; *p != '\0' && i < (PATH_MAX - 1); i++, p++)
     {
         if (*p == '%')
         {