8094e7fe54b5d6725fc5c6a6fecb9efdde170967
jcasper
  Thu Mar 19 00:55:26 2026 -0700
A few fixes in the ifdef'd alternate cgiDecode version; ensuring a length variable is
appropriately set and used, refs #37262

diff --git src/lib/cheapcgi.c src/lib/cheapcgi.c
index 798a498a25b..5f120570779 100644
--- src/lib/cheapcgi.c
+++ src/lib/cheapcgi.c
@@ -925,52 +925,53 @@
 cgiDecode(val,val,end-val);
 #else
 char *val = NULL;
 char *var = NULL;
 int varLength = 0;
 int valLength = 0;
 do
     {
     var = *pInput;
     if (var == NULL || var[0] == 0)
     {
         *retVar = *retVal = NULL;
         return FALSE;
     }
     val = strchr(var, '=');
-    if (val == NULL)
+    if (val == NULL || var == val)
         errAbort("Mangled CGI input string %s", var);
+    varLength = val-var;
     *val++ = 0;
     char *end = strchr(val, '&');
     if (end == NULL)
         end = strchr(val, ';');  // For DAS
     if (end == NULL)
         {
         end = val + strlen(val);
         *pInput = NULL;
         }
     else
         {
         *pInput = end+1;
         *end = 0;
         }
     *retVar = var;
     *retVal = val;
     valLength = end-val;
     } while ((varLength > CGI_VAR_NAME_LIMIT) || (valLength > CGI_VAR_SIZE_LIMIT));
             // skip variables that are too big
-cgiDecode(var,var,valLength);
+cgiDecode(var,var,varLength);
 cgiDecode(val,val,valLength);
 #endif // FAST_CGI_DECODE
 return TRUE;
 }
 
 void cgiSetMaxLogLen(int l)
 /* set the size of variable values that are dumped to stderr. Default is 0, which means no logging */
 {
 logCgiVarMaxLen = l;
 }
 
 void cgiParseInputAbort(char *input, struct hash **retHash,
         struct cgiVar **retList)
 /* Parse cgi-style input into a hash table and list.  This will alter
  * the input data.  The hash table will contain references back