mirror of
https://github.com/espressif/esp-idf.git
synced 2026-07-16 16:03:08 +03:00
httpd_req_get_hdr_value_str() detected truncation with `val_size < full_size`, where full_size is the strlcpy() return value. strlcpy() returns strlen() of the source (the terminating null is not counted), so truncation actually occurs when strlen(src) >= val_size. At strlen(src) == val_size the value is copied as val_size - 1 chars + NUL (i.e. truncated) yet ESP_OK was returned, so the caller never learned the value was cut. Use `val_size <= full_size` and correct the misleading comment about strlcpy()'s return value. Same truncation-reporting class fixed for httpd_cookie_key_value in PR #16202; httpd_req_get_hdr_value_str was missed. No memory-safety impact: strlcpy() null-terminates if val_size > 0.