From abf1ea135a64fdd8866e9be969cf470670d881b6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=B6nke=20Ludwig?= <sludwig@outerproduct.org>
Date: Wed, 17 Jan 2024 10:50:36 +0100
Subject: [PATCH] Avoid possible array bounds error.

RFC822 date/time strings can be larger than 29 characters if an unnamed time zone is used. Extending the buffer to 32 leaves one byte of slack for the longest possible string: "Wed, 02 Oct 2002 08:00:00 +0200"
---
 http/vibe/http/server.d | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/http/vibe/http/server.d b/http/vibe/http/server.d
index 2c1047e38..3a1482aee 100644
--- a/http/vibe/http/server.d
+++ b/http/vibe/http/server.d
@@ -2481,7 +2481,7 @@ private string formatRFC822DateAlloc(SysTime time)
 	static LAST = CacheTime(SysTime.min());
 
 	if (time > LAST.nextUpdate) {
-		auto app = new FixedAppender!(string, 29);
+		auto app = new FixedAppender!(string, 32);
 		writeRFC822DateTimeString(app, time);
 		LAST.update(time);
 		LAST.cachedDate = () @trusted { return app.data; } ();