From cf86aaebca5d69b8d6f87cb0be6ea710bf5b94f7 Mon Sep 17 00:00:00 2001
From: df <fieldhouse@gmx.net>
Date: Fri, 15 Jan 2021 00:58:18 +0000
Subject: [PATCH] Ensure ; immediately follows the code in &#<hex/dec>;

---
 tvdb.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/tvdb.c b/tvdb.c
index 53bb8a5..ab3922c 100644
--- a/tvdb.c
+++ b/tvdb.c
@@ -53,10 +53,12 @@ unescape(char *txt)
 
 	for (; (p = strchr(p, '&')); p++)
 	{
-		int ll;
+		int ll = 0;
 		unsigned char icode;
-		if (1 == sscanf( p, "&#%hhu;%n", &icode, &ll) ||
-		    1 == sscanf( p, "&#%*[xX]%hhx;%n", &icode, &ll)) {
+		/* sscanf -> 1: the code was read; ll>0: ';' came next */
+		if ((1 == sscanf( p, "&#%hhu;%n", &icode, &ll) ||
+		     1 == sscanf( p, "&#%*[xX]%hhx;%n", &icode, &ll)) && 
+		     ll > 0) {
 			/*  &#x<hex>;, &#<decimal>; */
 			HANDLE(p, (char)icode, ll-1);
 		} else {