diff --git a/dlls/mshtml/navigate.c b/dlls/mshtml/navigate.c
index c1cd9f60d8b..eb64656e3ad 100644
--- a/dlls/mshtml/navigate.c
+++ b/dlls/mshtml/navigate.c
@@ -399,7 +399,7 @@ static void parse_post_data(nsIInputStream *post_data_stream, LPWSTR *headers_re
HGLOBAL post_data = NULL;
LPWSTR headers = NULL;
DWORD headers_len = 0, len;
- const char *ptr, *ptr2;
+ const char *ptr, *ptr2, *post_data_end;
nsIInputStream_Available(post_data_stream, &available);
post_data = GlobalAlloc(0, available+1);
@@ -408,9 +408,10 @@ static void parse_post_data(nsIInputStream *post_data_stream, LPWSTR *headers_re
TRACE("post_data = %s\n", debugstr_an(post_data, post_data_len));
ptr = ptr2 = post_data;
+ post_data_end = (const char*)post_data+post_data_len;
- while(*ptr && (*ptr != '\r' || ptr[1] != '\n')) {
- while(*ptr && (*ptr != '\r' || ptr[1] != '\n'))
+ while(ptr < post_data_end && (*ptr != '\r' || ptr[1] != '\n')) {
+ while(ptr < post_data_end && (*ptr != '\r' || ptr[1] != '\n'))
ptr++;
if(!*ptr) {
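Review bot: The `if(!*ptr)` test right after the inner loop still relies on a NUL terminator, while both loops above it now stop at `post_data_end`. When the scan runs to the end of the buffer it reads the byte at `post_data[post_data_len]`, which is past the data, and a NUL inside a binary body is no longer an end marker anyway; `if(ptr == post_data_end) {` expresses the same exit without that read. Both loop conditions also read `ptr[1]` when `ptr` is the last data byte, so `(*ptr != '\r' || ptr+1 == post_data_end || ptr[1] != '\n')` would keep the look-ahead inside the data. Whether a terminator is stored after the stream read is not visible in this hunk, and the function body continues outside it.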
@@ -445,24 +446,21 @@ static void parse_post_data(nsIInputStream *post_data_stream, LPWSTR *headers_re
headers[headers_len] = 0;
*headers_ret = headers;
- if(*ptr)
- ptr += 2;
-
- if(!*ptr || !(ptr-(const char*)post_data)) {
+ if(ptr >= post_data_end-2) {
GlobalFree(post_data);
return;
}
+ ptr += 2;
+
if(headers_len) {
post_data_len -= ptr-(const char*)post_data;
memmove(post_data, ptr, post_data_len);
post_data = GlobalReAlloc(post_data, post_data_len+1, 0);
}
- *((PBYTE)post_data+post_data_len) = 0;
-
*post_data_ret = post_data;
- *post_data_len_ret = post_data_len+1;
+ *post_data_len_ret = post_data_len;
}
void hlink_frame_navigate(NSContainer *container, IHlinkFrame *hlink_frame,
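Review bot: The new guard `if(ptr >= post_data_end-2)` forms a pointer before the start of the buffer whenever `post_data_len` is less than 2, which is undefined in C even though the comparison usually gives the expected answer. `if(post_data_end - ptr <= 2) {` tests the same condition using only in-range pointers. Further down, `post_data = GlobalReAlloc(post_data, post_data_len+1, 0);` overwrites the only handle, and with the terminator store removed a failed reallocation now reaches the caller as a NULL `post_data` with a non-zero length. Assigning the result to a temporary and checking it before replacing `post_data` would avoid both the leak and the mismatched pair. The function starts outside this hunk.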
@@ -478,7 +476,8 @@ void hlink_frame_navigate(NSContainer *container, IHlinkFrame *hlink_frame,
if(post_data_stream) {
parse_post_data(post_data_stream, &headers, &post_data, &post_data_len);
- TRACE("headers = %s post_data = %s\n", debugstr_w(headers), debugstr_a(post_data));
+ TRACE("headers = %s post_data = %s\n", debugstr_w(headers),
+ debugstr_an(post_data, post_data_len));
}
callback = BSCallback_Create(container->doc, uri, post_data, post_data_len, headers);
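Review bot: `post_data` and `post_data_len` are read here by `debugstr_an` and then by `BSCallback_Create`, but the early-return path in `parse_post_data` (`GlobalFree(post_data); return;`) never writes `*post_data_ret` or `*post_data_len_ret`. If the locals are not initialised to `NULL` and `0` before this hunk (their declarations are not visible here), the trace would walk an arbitrary pointer for an arbitrary length. Setting `*post_data_ret = NULL; *post_data_len_ret = 0;` at the top of `parse_post_data` would make this independent of the caller. A short comment on `post_data_len` saying that it now counts payload bytes only, with no terminator, would also help the next reader of `BSCallback_Create`.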
diff --git a/dlls/mshtml/persist.c b/dlls/mshtml/persist.c
index 7649ee68779..6f181a62a62 100644
--- a/dlls/mshtml/persist.c
+++ b/dlls/mshtml/persist.c
@@ -332,10 +332,10 @@ static nsIInputStream *get_post_data_stream(IBindCtx *bctx)
hres = IBindStatusCallback_GetBindInfo(callback, &bindf, &bindinfo);
if(SUCCEEDED(hres) && bindinfo.dwBindVerb == BINDVERB_POST)
- post_len = bindinfo.cbStgmedData-1;
+ post_len = bindinfo.cbStgmedData;
if(headers_len || post_len) {
- int len = headers_len;
+ int len = headers_len ? headers_len-1 : 0;
static const char content_length[] = "Content-Length: %lu\r\n\r\n";
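Review bot: `int len = headers_len ? headers_len-1 : 0;` assumes `headers_len` always counts a trailing NUL, and that assumption now decides the stream length, because the later hunk in this file passes `len+post_len` to `create_nsstream` where the old code used `strlen(data)`. For a headers-only request, where the `if(post_len)` block is skipped, the two agree only if `headers_len-1` is exactly the number of header bytes written into `data`. Where `headers_len` is computed lies outside this hunk, so that is worth confirming. A comment such as `/* headers_len includes the terminating NUL; len is the byte count actually sent */` would record the invariant. `len` is a signed `int` while `cbStgmedData` is a DWORD, so the sum mixes signed and unsigned values.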
@@ -347,7 +347,7 @@ static nsIInputStream *get_post_data_stream(IBindCtx *bctx)
}
if(post_len) {
- sprintf(data+headers_len-1, content_length, post_len);
+ sprintf(data+len, content_length, post_len);
len = strlen(data);
memcpy(data+len, bindinfo.stgmedData.u.hGlobal, post_len);
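Review bot: The `memcpy` copies `post_len` bytes straight from `bindinfo.stgmedData.u.hGlobal`, and with the `-1` dropped in the previous hunk that is now the full `cbStgmedData` reported by the bind callback. Nothing visible checks that the medium is actually an HGLOBAL or that it is that large. A guard such as `if(bindinfo.stgmedData.tymed != TYMED_HGLOBAL || !bindinfo.stgmedData.u.hGlobal || GlobalSize(bindinfo.stgmedData.u.hGlobal) < post_len) post_len = 0;` placed before the buffer is sized would bound the read. The `sprintf` into `data+len` is likewise unbounded; the allocation of `data` lies between the hunks and is not visible, so confirm it reserves room for the formatted `Content-Length` line plus `post_len`.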
@@ -355,7 +355,7 @@ static nsIInputStream *get_post_data_stream(IBindCtx *bctx)
TRACE("data = %s\n", debugstr_an(data, len+post_len));
- ret = create_nsstream(data, strlen(data));
+ ret = create_nsstream(data, len+post_len);
}
ReleaseBindInfo(&bindinfo);
@@ -438,7 +438,7 @@ static HRESULT WINAPI PersistMoniker_Load(IPersistMoniker *iface, BOOL fFullyAva
* it (to do so we'd have to use not frozen interfaces)?
*/
- nsIInputStream *post_data_stream = get_post_data_stream(pibc);;
+ nsIInputStream *post_data_stream = get_post_data_stream(pibc);
This->nscontainer->load_call = TRUE;
nsres = nsIWebNavigation_LoadURI(This->nscontainer->navigation, url,