2 files changed, 14 insertions, 4 deletions

diff --git a/apt-pkg/contrib/strutl.cc b/apt-pkg/contrib/strutl.cc
index 826b21478..45e475b3e 100644
--- a/apt-pkg/contrib/strutl.cc
+++ b/apt-pkg/contrib/strutl.cc
@@ -1611,22 +1611,26 @@ string DeEscapeString(const string &input)
       switch (*it)
       {
          case '0':
-            if (it + 2 <= input.end()) {
+            if (it + 2 < input.end()) {
                tmp[0] = it[1];
                tmp[1] = it[2];
                tmp[2] = 0;
                output += (char)strtol(tmp, 0, 8);
                it += 2;
-            }
+            } else {
+	       // FIXME: raise exception here?
+	    }
             break;
          case 'x':
-            if (it + 2 <= input.end()) {
+            if (it + 2 < input.end()) {
                tmp[0] = it[1];
                tmp[1] = it[2];
                tmp[2] = 0;
                output += (char)strtol(tmp, 0, 16);
                it += 2;
-            }
+            } else {
+	       // FIXME: raise exception here?
+	    }
             break;
          default:
             // FIXME: raise exception here?
diff --git a/test/libapt/strutil_test.cc b/test/libapt/strutil_test.cc
index f101d72cf..d477e953c 100644
--- a/test/libapt/strutil_test.cc
+++ b/test/libapt/strutil_test.cc
@@ -21,6 +21,12 @@ TEST(StrUtilTest,DeEscapeString)
    // double slashes
    EXPECT_EQ("foo\\ x", DeEscapeString("foo\\\\ x"));
    EXPECT_EQ("\\foo\\", DeEscapeString("\\\\foo\\\\"));
+
+   // FIXME: the input is bad, the output as well, but we have no indicator for it
+   EXPECT_EQ("aa", DeEscapeString("aa\\x"));
+   EXPECT_EQ("aa0", DeEscapeString("aa\\x0"));
+   EXPECT_EQ("aa", DeEscapeString("aa\\0"));
+   EXPECT_EQ("aaa", DeEscapeString("aa\\0a"));
 }
 TEST(StrUtilTest,StringStrip)
 {