fix: encode() UB pointer arithmetic for small buffers

alandefreitas · alandefreitas · commit ec15fce38cf6 · 2026-03-02T19:44:17.000-05:00
diff --git a/include/boost/url/impl/encode.hpp b/include/boost/url/impl/encode.hpp
@@ -132,7 +132,6 @@ encode(
     auto const end = dest + size;
     auto const last = it + s.size();
     auto const dest0 = dest;
-    auto const end3 = end - 3;
 
     if (!opt.space_as_plus)
     {
@@ -147,7 +146,7 @@ encode(
                 ++it;
                 continue;
             }
-            if (dest > end3)
+            if (end - dest < 3)
                 return dest - dest0;
             encode(dest, c);
             ++it;
@@ -177,7 +176,7 @@ encode(
                 ++it;
                 continue;
             }
-            if(dest > end3)
+            if(end - dest < 3)
                 return dest - dest0;
             encode(dest, c);
             ++it;
diff --git a/test/unit/encode.cpp b/test/unit/encode.cpp
@@ -196,11 +196,25 @@ class encode_test
         }
     }
 
+    void
+    testEncodeZeroDest()
+    {
+        // encode() with zero-size dest buffer
+        // must not perform UB pointer arithmetic
+        {
+            char buf[1] = {};
+            std::size_t n = encode(
+                buf, 0, "test", pchars);
+            BOOST_TEST_EQ(n, 0u);
+        }
+    }
+
     void
     run()
     {
         testEncode();
         testEncodeExtras();
+        testEncodeZeroDest();
         testJavadocs();
     }
 };
