From 94e1c5a41b8037830a781e363fcdc366cd7225ca Mon Sep 17 00:00:00 2001
From: Sergey Lyubka <valenok@gmail.com>
Date: Sun, 12 May 2013 23:17:44 +0100
Subject: [PATCH] Added sanity checking in send_file_data()

---
 mongoose.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/mongoose.c b/mongoose.c
index a3b13dba0..94e369542 100644
--- a/mongoose.c
+++ b/mongoose.c
@@ -2727,6 +2727,9 @@ static void send_file_data(struct mg_connection *conn, struct file *filep,
   char buf[MG_BUF_LEN];
   int to_read, num_read, num_written;
 
+  // Sanity check the offset
+  offset = offset < 0 ? 0 : offset > filep->size ? filep->size : offset;
+
   if (len > 0 && filep->membuf != NULL && filep->size > 0) {
     if (len > filep->size - offset) {
       len = filep->size - offset;
-- 
GitLab