26454446729
42%

Ran 26 May 2026 02:38PM UTC

Jobs 1

Files 198

Run time 1min

Badge

Embed ▾

Committed 26 May 2026 02:27PM UTC coverage: 42.441% (-0.001%) from 42.442%

Build # 26454446729

Build Type

push

github

Committed by

web-flow

Commit Message

cgiutil: fix handling of malformed percent-encoding (#7511)

* cgiutil: fix handling of malformed percent-encoding

unescape_url() implicitly assumed that two hex digits
follow the percent sign without any checks.
This lead to an out-of-bounds read on malformed
percent-encoded URLs, such as "/?foo=bar%", and
undefined behavior if non-hex digits were supplied.

Fix this by verifying that two hex digits follow
the percent sign and only unescape it in this case.
In the malformed case, leave the percent-sign and
the following digits as-is.

Signed-off-by: Stefan Gloor <code@stefan-gloor.ch>

* Apply suggestions from code review

Co-authored-by: Even Rouault <even.rouault@spatialys.com>

* Formatting fix

* Apply suggestions from code review

Co-authored-by: Even Rouault <even.rouault@spatialys.com>

---------

Signed-off-by: Stefan Gloor <code@stefan-gloor.ch>
Co-authored-by: Even Rouault <even.rouault@spatialys.com>

Coverage Stats

9 of 17 new or added lines in 1 file covered. (52.94%)

64655 of 152341 relevant lines covered (42.44%)

27401.46 hits per line

Uncovered Changes

Lines	Coverage	∆	File
8	50.0	-1.21%	src/cgiutil.c

Jobs

ID	Job ID	Ran	Files	Coverage
1	26454446729.1	26 May 2026 02:38PM UTC	198	42.44	GitHub Action Run

MapServer / MapServer / 26454446729
42%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Uncovered Changes

Jobs

Source Files on build 26454446729

MapServer / MapServer / 26454446729 42%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Uncovered Changes

Jobs

Source Files on build 26454446729

MapServer / MapServer / 26454446729
42%

README BADGES
x