If the input URI ends with a trailing % (or a trailing %N), we read outside the provided buffer.
On NULL terminated input, this happened to work out since we'd correctly detect an invalid %-sequence as soon as we read the NULL terminator.
On input that is not NULL terminated, we're out of luck.
This patch fixes this by also checking we have enough input left to even try to read the %-digits.
Also add unit tests for this particular case.
Closes #2353
If the input URI ends with a trailing `%` (or a trailing `%N`), we read outside the provided buffer.
On NULL terminated input, this happened to work out since we'd correctly detect an invalid %-sequence as soon as we read the NULL terminator.
On input that is not NULL terminated, we're out of luck.
This patch fixes this by also checking we have enough input left to even _try_ to read the %-digits.
Also add unit tests for this particular case.
Closes #2353