From 8b80e45585f4e7a527c4b2a8553e70ac3f1cf606 Mon Sep 17 00:00:00 2001
From: Fabian Keil
Date: Sun, 1 Jun 2014 13:55:20 +0200
Subject: [PATCH] Fix memory corruption in sc_html_read_line()

Previously fread() could fill the whole buffer in which case buf[n] = '\0' messed up the stack. Introduced in d0c64a09 + 4ab3585743.
---
 src/html.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/html.c b/src/html.c
index f7b0ac4..71338af 100644
--- a/src/html.c
+++ b/src/html.c
@@ -445,7 +445,7 @@ static SC_HTMLState sc_html_read_line(SC_HTMLParser *parser)
 if (parser->fp == NULL)
 return SC_HTML_EOF;
- n = fread(buf, 1, sizeof(buf), parser->fp);
+ n = fread(buf, 1, sizeof(buf) - 1, parser->fp);
 if (n == 0) {
 parser->state = SC_HTML_EOF;
 return SC_HTML_EOF;
-- 
1.9.0
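Review bot: The `sizeof(buf) - 1` bound in the new fread() call is only correct because of the `buf[n] = '\0'` store that the commit message describes, which lies outside this hunk, and nothing on the line records that dependency. I would add `/* reserve one byte for the NUL written at buf[n] */` above the call so that a later cleanup does not restore the full-size read and reintroduce the one-byte stack overwrite. Separately, the `if (n == 0)` branch reports a read error the same way as end of file; if callers need to tell the two apart, `ferror(parser->fp)` could be checked there. The declaration of buf and the rest of sc_html_read_line() are not visible here, so this assumes buf is a fixed-size array; if it were a pointer, sizeof would not give the buffer length.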