From: Patrick Griffis <pgriffis@igalia.com>
Date: Wed, 5 Feb 2025 14:39:42 -0600
Subject: [PATCH] sniffer: Fix potential overflow

---
 libsoup/soup-content-sniffer.c | 2 +-
 tests/sniffing-test.c          | 5 +++++
 tests/soup-tests.gresource.xml | 1 +
 3 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/libsoup/soup-content-sniffer.c b/libsoup/soup-content-sniffer.c
index 967ec61..4c8134a 100644
--- a/libsoup/soup-content-sniffer.c
+++ b/libsoup/soup-content-sniffer.c
@@ -642,7 +642,7 @@ sniff_feed_or_html (SoupContentSniffer *sniffer, SoupBuffer *buffer)
 		pos = 3;
 
  look_for_tag:
-	if (pos > resource_length)
+	if (pos >= resource_length)
 		goto text_html;
 
 	if (skip_insignificant_space (resource, &pos, resource_length))
diff --git a/tests/sniffing-test.c b/tests/sniffing-test.c
index d2aa86b..0a4569a 100644
--- a/tests/sniffing-test.c
+++ b/tests/sniffing-test.c
@@ -605,6 +605,11 @@ main (int argc, char **argv)
 			      "type/text_html; charset=UTF-8/test.html => text/html; charset=UTF-8",
 			      do_sniffing_test);
 
+        /* Test hitting skip_insignificant_space() with number of bytes equaling resource_length. */
+	g_test_add_data_func ("/sniffing/whitespace",
+			      "type/text_html/whitespace.html => text/html",
+			      do_sniffing_test);
+
 	/* Test that disabling the sniffer works correctly */
 	g_test_add_data_func ("/sniffing/disabled",
 			      "/text_or_binary/home.gif",
diff --git a/tests/soup-tests.gresource.xml b/tests/soup-tests.gresource.xml
index 9c08d17..cbef1d4 100644
--- a/tests/soup-tests.gresource.xml
+++ b/tests/soup-tests.gresource.xml
@@ -25,5 +25,6 @@
     <file>resources/text.txt</file>
     <file>resources/text_binary.txt</file>
     <file>resources/tux.webp</file>
+    <file>resources/whitespace.html</file>
   </gresource>
 </gresources>