From 515a3f986fb9fcece24ba9b331fd533b62bc6a69 Mon Sep 17 00:00:00 2001
From: Charles Kerr <charles@transmissionbt.com>
Date: Wed, 2 Sep 2009 15:26:34 +0000
Subject: [PATCH] (trunk, libT) fix code in the UTF8-to-JSON serializer that
 could fall into an infinite loop when fed some inputs.  This may be ticket
 #2326 or may get its own retroactive ticket, depending on feedback from
 #2326's reporter

---
 libtransmission/bencode.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/libtransmission/bencode.c b/libtransmission/bencode.c
index e3dc7c11b..6bda3c1a5 100644
--- a/libtransmission/bencode.c
+++ b/libtransmission/bencode.c
@@ -1339,9 +1339,7 @@ jsonStringFunc( const tr_benc * val, void * vdata )
                     UTF32        buf = 0;
                     UTF32 *      u32 = &buf;
                     ConversionResult result = ConvertUTF8toUTF32( &tmp, end, &u32, &buf + 1, 0 );
-                    if( ( result != conversionOK ) && ( tmp == it ) )
-                        ++it; /* it's beyond help; skip it */
-                    else {
+                    if((( result==conversionOK ) || (result==targetExhausted)) && (tmp!=it)) {
                         evbuffer_add_printf( data->out, "\\u%04x", (unsigned int)buf );
                         it = tmp - 1;
                     }