From a20c8337962b8025b58b682f7bd874799b8bd1b8 Mon Sep 17 00:00:00 2001
From: 0xdeadbeer <kevin.jerebica@gmail.com>
Date: Tue, 3 Sep 2024 22:09:09 +0200
Subject: [PATCH] fix: mitigate potential security buffer-overflows

---
 README       |   2 +-
 tinyparser   | Bin 75880 -> 75984 bytes
 tinyparser.c |  41 +++++++++++++++++++++++++++++++++--------
 3 files changed, 34 insertions(+), 9 deletions(-)

diff --git a/README b/README
index 8ec32db..e5f0d25 100644
--- a/README
+++ b/README
@@ -18,7 +18,7 @@ LEAKS
 
 TODO 
     
-    * headers table needs length fields 
+    * headers table needs length fields
     * implement tests 
     * integrations with tinyproxy..?
 
diff --git a/tinyparser b/tinyparser
index 29d6abb2763088da4f0b66966f1a7c4ca29b6e67..38dc33e62c552e17157649013d568b62336d002f 100755
GIT binary patch
delta 14511
zcmb_?d3;S**Z*1joO6fFGAA-gB7-D|5FtpA5G3YV5%Ww4Rf>z4B0}OI=CLiMRYc8I
zGgVUu9Xwjv(x%kVq9|?N_1*W<K7HTcf4}>wwf0_n&BH#&sftV5rBAey7|}kow8ppA
zN3M$eJu0t46NPunye}WLp7W%`_Q_*M+_%|AtkbW~Enls=2ztN#ZM~y2%_x8F@i9?_
zamF*m=W`a#D$0D4)gbeJzSF)+{{4K!c;*=~ypEHi6lPv8n0j5A;5aB`=Az8&g_&22
zGH+xp&!Wr<maUMoW+{7n7zplrltv9Fn6nBpE9mw&FDPLzC?7NBepXy&MImb`(z_U=
zyaK7AG0!X4*5i3)WmX}d7EHbW(rg`)KHg_L6)$`Yc|nVl{;-;5@$6iet64=k*Ru*Q
zWEGySP^^gHtAeRty;Sv+jNq$6JssScS7i{_*`MoDxy=#iQF~UdBM`gW*Xi~ZupJJ=
z5i8&EOnUl+J$>?0JrcxR$Yw>pBO|X#!V5RqP@#S<P8u)NKeI1hdeO-4hC?z92LH<i
znM=+bN`OPwRro^J0^_oGs_n!d>=u2+IXuG*TNq!;D(-S7s~GDq;CL#hxG?ijQI|u^
zaLG<{`wO%q1yheGlM*<W-_}5oM-TXLJcl{cN>;I6kNW}gpRxsepRD48)0z7iDz~TF
ztr?4as)+N?jEz3A3GJmJyV4r0w1-2fFY~`pdWuT~r8&kEpCsG<r|f)D?<XG}?~+w`
zGppbikF274-Yk|;qz6E{sPSL1oH|zvZ;E_w@tXC122}8irE6y4(N={|vWn~Vuxpi`
zRlEVE1t(aQUI<PO%jq8;^s)0+ta)1LUU@q6p^T;{Gk*|k?Dws0i({FhE)QE3-e<+0
z|5RL!72l?kg3O0hF!kZcY3oZ${^5AB{?r0%rz>LNKw;*S!yc^r!%++>zIXzXUJL#d
z=`ldFk4!-3ug2J240O0?L+az~W-BhSm_7Aha#1RJ3-Ib!Ai`+?a%d_0mli1b(E{$%
z6-6(VEQS()yOK3_CCmPyq$Ad~IbAP&ftC#pEiGPZ$zd&7MXrycf%LY9pMPk*zp!D+
z1V<E*9PW_(?eU8sp7JS6uCPlAV}yTb$kzWu($^um_OY?WKhieT!Q%H1<-)=8$_wSU
z2eUIF4$k0zaNak=wbK=Kn6o1APc)p~R`Q*$NR$rg^&Q)A`!>a~o&GzRGfht*KHlgM
zFg(&~CsiEqhXwv4RVO*9;QQ&3aV@}~f{iBuVdD8CBQP+W=9M=NoJLi0A{9l>7LOrV
z3ypJCgCawnp#;;*Q;Vy_KB4s<$|kyhyG4-?87@K9T3m}zl!7BvsDHr=<~);Cc<MvA
zP;uvho!5SemfN+Qt{BW@`>^_yyr6X~&kw4uE)L6TXl)o)eV~)oI$_)}ENj-t=gq5w
z#=Y1m)}e#?4IDHszoC<2wN@YalCG4`3=21R$oi$SGK|Cd>P}^4I^*j1Dk}#vw%o6*
zoW;1!Z<Uo>7=O<A4CBV^O$Fmaj9s_~mvVsdjPo8<R%SE4YCMWw)VKk2C{5iw=7{F5
zCbcfPm@P^WlUDPeu-lcDCI59^B+tY6>=6GcF^<MW(0=1)Oejq;^w<bmWyHpY3hh^;
zb!>>p`PCR68%|q{Vy5-`&DhSgpa;f<*bo|8ekZo7Miu4Onn#7WWj1ySUniIq%2B>M
z465O4<msBPPy)DG+<N>w9w3ntp@G}|1Lo5el4t(S(~YKyUY%}n>;3cRe1$tpeBsxG
zi6)CV-;<GMj$_FHi-|0QoAX|n>-S_trYjnD`pkif5~%6JMvrF^eXy}PF`B9x7ZXEl
zY1~d)vbBVjS%k+>-qe>H5AlHeT1$}|e{oaiO#`_J6Q(h|X(%@_;z~o_q{>Zgv8Eqy
z8p%zHc+!J6jpZg?^ykY+OP8B0v9Jqonqrfwv=`OcN3EGW>Mryc-emZub1id4LJn_Q
zcxUovsK_7An=CU!B~K)!@urpBj2FF)opl0Y7UVLit@|r{K2xlPg?5(KELkAdat5^y
z?mc-kPxLc>tCQ64&yGy$W6fsf9pde#yy@#yhd2AguuR_MO3g>aalVSQ{+4`}JfS#W
zO6TgB12!;UP;oUriF5O4!AE*30Lb1;8NiN@F()b1Np1_|_PwN_fQaf`jIw#W=OPRn
z24vpWPEmr58%dG2=-#Z6va?tf_3y`rbb&|IOoJP7X=qnlMX^#9S4DB6E$pc?nYayH
z=s=XBxYB-3p&R8h#hqNcD~bnw&rgRc^kbf)cv6RPisD6kxvRWMc(QX;UQ<zg=}%G=
zKdRu$_)||CCn<m;I&-5?8*fFaN-iNBC%NacgLJpQqJ$7`#!%`vgr|sxjZ&0qRF^9h
zPDz}z2ny<}D3Nre6HhTcVArFl3I`WWzqD7B7)o?klvvv8q9`?J85b#zx^a;4^b@yc
z0yWESsVFr`@a<fS9<tZ9DU*Fnr0w+;r4B7&hmz<PzqHh)G|pl@3LL8_$uy7+)TcQt
zn?hk6Sp&Ld<ka)CrH)pVCN!IkrI8P}N;+*w;v0c-QWd2cZEm0_%}HT;24OxkseQhp
zv>=tOw50AG_+q33>|!e_WU1D)mOW`h{ybRO^h3I$<WMPRv@PxAOt+&!H58>iZD;-t
zl+2-ar0O;<N+)W|ndnT#Y^)2Fb1u8mr(E1_bla>b-RTU^O%IA|%l$%Q-4vx4&F5x&
zh4xlcl-}gQ&CrMXhbu~7DjC7EKpWZJesqK%O8w~z4r~BzucashsTb#d5S8hQGMLtJ
z8w{Z{d67IXbf4oGMt8XnhEqT{MHxXGnLd)f;LMFu+$R}xlA9#!OtM&=(6*WqGJ4EF
z#oyv$`JA;?d9~k2#p3Gq8m|=*oXdP}Rt%p-{AB!*9A5VW&J9^gK>3BM?WE(-s_sZ<
z#6MqtBq+`}wyOKmL1CKFzP@+-G%lB`gZoUnJWwo$I7l}K@!Shy<32`7{h0LiTz60R
zl_sdV?l{vsvR|QjBboM|aNWgcYBp4b{YPboJWVG+`5L~v?lhj%4~eUm)0GdrTtRa?
z#)YtM5^fN2;c}?BOeIiU6M7g;Q@leaaY0Rk$OTcQfdzA`Vwl4fx4(@1lw{%7!`PM*
zK;4X!DWRtGV4QB;N(r=Gka-fN1I_v4$0-+O5=7}xC1Q0|PT2v|8obN$?*}_lXmv}T
zO;0bpn(&V=2Kh4&Q;xeqD{Jx$avX9H_QO2B%TM?rDNxPfe9?#>aA3E!_p$Tf9Sc8N
zt?`UI71m&e08~URU2Zdv8#G>7BRy41ci6O~7)4ntT~$l>*|evl6=l7{^K`9<le)pd
z`;N`C!eL;URL`wbjr)GH^i?h0VzWhZe=6D=^%P}`JM4+lEbY06qP*=2|J2gmHZ6f?
zXRG6og%xWyw`(^XAMs+qKlzYmOsmV`eSg;0%@5k(pWnzqqm^zEFVx9kx;xTt%hICw
zp6ub+W^3Q^wDxqw(q8+Ro$KY;b=TT(Gxl-pa=kKmr1B>5HGrRXjBl68j<ca&lfwA#
zg?~BD6zg)H(<s=V%l8g`@}+|@`K<2j<Zw93|E0sm(}oS`J0mGI#?9*x$I>*z5vS2B
zH8}7fBv2r4Uo1swcPA9YyZS+6acWvneQrC^Je_aiu3QQHR33G&K(_XQaVND=#5iW~
zkPNvFhQHq|>;lb<>_&l+csn5b+X30%4#@s?;Aww5AiN#SZxmGzk0-J}o=DTyPR36A
zrifjN;{mb=v*iNowLEraVC@4F7Cq9q*{He=SB0A-Su8(sY27`E`_Mx%n;4lPrM=5p
zF}py@s=k)ah<`2(mT*)9X(X>xnN#I!N>S(Hh(}UU4&tC44rYSpf)Um>iF95M2el3_
z05~tM2}W__V9GPLH4YY?gN?I|)5EhTaxJUC1<tK@v`kT6cZNn$n(Oo$N4M~r5#J;v
z=-eztndW0>!&I4WagUGG;cA63xJjL=U>N1lGgL9{4C4oZJa!E-%9})_eN@bZNW12A
zw-qyZR~tJyRGSQbNI1+6b*g-wuj%iC_>g~2#D6ay{HfuSmgr*QWwKOSx2n-GEiDE{
z>pP6*>Z1ouRMP);;SDZIv@2YG-`Jm)<br$7U+%L5jVEbwbliwc4-2^%U^m2RlRtf!
z;^c<7_;zvss=R-CCbf1_RJVrJDAl<^HLAi2y@^_R5%;N2HKmnTEv~h1T}8DxSj?@w
z(gK7(zeDIRiO#LOK=C)OH}%d5a95mJCNPpw6KB=JFBMU&hu<oEVaS>7@Nuw4s#_Ch
zXBM@SU@*jsREx9o--J-3X*2IOVKpf&;Du;(K%)TgR;#J}li13u5r-PiUMLa&&0d8(
z&FTJAq)=q}`es*&DmP8d5D^=6mm#`kiSDsZx4x=d#_R5FbZd{=FIT#69b;{aI>z7@
zzQ*+yTBd__{of2eb##lRjqWi)x2%U6uZg<TOx@a8cYRlPS^U3sv&M42mPsldFK^R2
zG+ZA!W=vk4@}VP7xyfZ>dHn17CJof`H8WOgM#=Wp<qhV1=~5nI<W+UG|DCFD-nf24
zM)fQIa{H=A6m8_+o=k5VcW>v0?T_Oz(A3yKUA)V04Vqe`sxIzgUeq{U7x#_Pzcio)
z#+F~|Q(xoyFEO;xu-*v^PT?C^(-+akFmBfpz9km%Ge=WbQMB%zYP7hM=6Q$T_B68(
zr&d$TDM9z`Y?R%Jtouzh5Tfho>YNxb6obM1HAD3WO47Zbb>@{{UEMpFTT_j%r+d}u
zV%)pqTkT{L1hea#)3{=q+9So>1q*%bM817AJ?(@MbvH}|bTP8-CeW|Ot9Mgvzc=Ie
zW92gI)|JM56Y0tm7SWXgeh}(PwPe8a-2mH4p4t*x`+`!1AHTX1#<#kzOsoqyf-f0e
zS<08Eu9S5G?4ANRxi;W*e$460j~xLs`D)RX-+J*>=t?PPNLL#0vp`o;Im5bgpT}5N
zTI2%0E$J<XVEuD1z>0=|zeuUqq<NhiUsuNPWu+@O_`$6!HJTem_kwJDrC9IAAVo9*
zyf4>pN)^#PK`E^dI6!)IPO6wDGtn~}^lWLM8(;LgGE2sBRKa@nV8Gc`0PpaXq$~L{
zPs<Xp{@hJcY}^C7Vv{kYN`Hq&f%2P7pu041Iuw+<uK<25>3ux0?jluRXpeQCbb5>#
z>t#&=Gi8Q0<YOJm<>kNTwgOC-PORX@;rz9?0R>6#ruW9WtE~6YM6CamG4<+?^%<$O
zsjOBzD=0>5!1=P?uKXm`6(OTPEAw$enm;7XJPO9?F@6Yh)nx#olK**s#m1!7wQ%rj
zKdGXHgciWd5`HfusFW#fB3(?ViPMd30FO!6dyK)_c`V>3Jd9jv*_h5UD<8=INa_rF
zzI3H$G}hVdL>p$6wOl9TctaW(FV*#s5$u!Zk9L8;6S>ZjeUQ=sly~JUJd^7mjJv-E
z+Zs0l{X@R!b>(<Rz-iL0q~TcK3<T^i^OPtvI!9*uk2KJ`$v)dy7wgOEfImojp)b~+
zGK|<rtgHF~_LUks$uv!niI`yv$HCf`fcIn$`pE27%>*U6E1-`IqrIGz$1;nDq>F#Z
zaUHLMXH_oX16ii6vNH3e?55G6Ka>1}BCwt=3+mGY>&P(a*C6Tdw<AER90mBR5%$2(
z)<Ld6bOq)30KkVbD{(Rhvt?7q%a*Sai_@zzA6D7mQ(J?A7f@YkB71bc?57x+?^mmV
zUR#dN&7oL-F7=$0^{kZeu}v!4nTO+K*}^@#Vf~XVsFH;BfKb4-GNrX;7L%o02R%Ud
zlC82s<}6*ty+cl1fGq0)8T=?Y_OD6T56Y(cOwRTDeQi*YDeH8~8S6ah#6j6TV`V3G
z5TJLK5p0xMY#jqi!&d<3%lmO;2G;cmu&zvdQah~Ql5<)jor|af3a6W4w(OXQW{MMU
zhIRt!6XWnhKie)TTq2D<ZVP&ubn9ao%}SZ4kdC0=ktY9=nfS#%eX>AaGAnass|Gff
z#-yIS?pS-ukmk#Fe%%d}9LYabTG?WghHJ`JdL&IAl+7C_8@8DX1p1EyT+|-$woL35
z*@g>b;hM<%`j(9Kq-@m*GI~uqU6~3gU3SJ7vR9VMxpt8kL433<$1>T&_Y=SxG9K_x
zITtr%AJhs4WsOwlESu~7+Mtx@0A7{-F-y8NM7FRP2zs{6jYS6FDhs+)7AReYTBw0%
zLayS+=)A0GSJ@Ly<8ja>!x;8^xXoF5p~+O_OYfXzFRhXn%O&YczVy)~GyYr#ctED2
zv7B`enfG1UQ2MQGgv+uK8p_%P$o}lx0H@zY11^val|BsX0XA9W^D@jIr4wZ#I5;nJ
zI#V`Lid=stL#F09y&|WxUJBOD<zRd&4LC`DZ<&2^!s(~7pSw%`S+a_a>VRI50T|Oo
z)@GNCX|wFoIH{t)9OT_WU}_`XIxg!sL#n&p0rXum%ioN`dbeCpv1erjDAVLRT@KYs
zZaO9@x>qBVAu7t7VYFz<&{lf})F;-9W7y;XCr&a3Y(}!HIy1Xn@HBgEvVFwaGEJv2
zPM2v0c>&F&Xl`0l0X^qtH_f8&lNrsX64qpzLzB3pOmiv6jnO>n0)axx;-Z@7(?xDr
zldXt4@GzJb&@|4VshH|=ADI@?$#h1Gs5vA`Xcu&s(i9LE(^O8E$)MkQGFn2<xXh-d
zWbjm)meHs@MrHIE2A7kWlVDmwCj%I*qyj$E*U={Q)K+@x%4naBhI%kQM6LQT&mGFZ
ztlp)|DAMn=4NdZ#0?{!A!U?lGUtFrqXr0J_7aPQ8>^6!UTw&8Dq384N4YAdW(P?qL
zKckODO%&v!cn=l)O#Fb%ekrPP_Dx?28<MDhEtQ(C2xM0OkKNKWF^^p{T^G9(nE0L8
z)W}f`Eg3!H?92Jn-M`?H$PyK+HB7uJRVU%%*ronFiqQde659C_^#@-@SJf?DSmV!X
zs>-`t>hTP`mfTgVyYu#*+69UERZZc>l^VUrau<q-zJ1#(rpVJ6f&>q)fL_N1s_WOm
z+%=t;#IRW^ve52zWUc)kOl60KSqwYIH)J?C3(t$Gb8*K^D?}0ts4Frwi?VZCFrG`#
z!Lf+uBR3_~8Z*0;UdPldqf4C`t)*C8HtVPwZkx~PYoy>ZeT-52jvnFi`JO&AF8$$c
z6a9FzKvac=VsQuqTOv-TF<K%fqs_Mp6AH6ST;Uq%2gR>Q<Vi6YQ*llt;j;Nuyw;4-
zf5i6)@2Yr+>A4|BLhi1p&0VcO6OR$xY&8!zSgCpgw_2I%W#hik*Q%#H8Esa79>i#e
zx`e$j?NgU>Tk8AO&0syICJkovxq2s@(Ped0Pe$LWNpR+dx^M`io9b}xN`1N(j>Im~
zM&&aq(e}c%H?^@`5z{t}#T5NL&Blq8RkQt}?H0UzrhSV-JlD4IMCyNPEfL9I+D>Gw
zQX7Es%+OoI=uEvAA}Q9-H(|6;zlLJ2*EgVTx9JmcEtTtIP=!7EW*#&BxL#ubqm%lf
zTt*l4M_eyy+i6)aI?A~>9Cf*gQn~&NZ{4C{&wY9rLywvf46AJDWEV13pE8d3HU2<r
zHt&UgXvyv<rdHiitekP2EK|D^aHdm_TweD~;IYvA%;Y9C<=(}^V&Ea}4b!mkDD|kI
zfYElvdf3J=CR97X$&=pgr<um{=T&V}5_x}^e&#;cKcsNPeuPdTzN2&u=otOTH->(k
zJduzS^gVVbX$op`ing=k`f1wD!=ay{d>=+1k&Y}~q6|LcTjaB7MvK(AmP}lt;$MQ8
zR;rP_gC90icm=ztM~`+8^idP>Y#F^8Loj9p=Rwcgfz}+m9|4S8&f4_pw43K&pFz>N
zjAl|we?|r5#P=-E(K%cZvndE6&7ochVlItq&!~`Cnlb<9KcFtdaNCEt<05k4c+?Tx
zaM71D7{+vEfArYHP+a3K@*NjHl3~K6ehh17<uObegPy7zX<=CJ&DIQ)zl6W_v%sGs
zI8wdAaKzE@Lp)bf>zf!h3QJ<xI0JW3lLa=!k=8AcVLG~3Z|a2RXx7_>Ve=IzZblex
zt<084LW^#Qt>rs#CCf);*eW)kVe0`%VjH&@h8><Fvd%+sMRc<ujGiaaRJ~UsupwXZ
zW5Aw)M^T)AJ!FB^LGU_=+z!5oNQUQBXE-Jp*~vS|PZfRK*D#u2gf5tni98~W$=8Wt
z#(XqIJH8va7rk)Q_alUndlPVATks6CLUQy&)M(6|b`0~vI$=O2)$YcdDet1er@D`K
zDE7WqgZF{oaYWM4EIP}n;wR;TSD3&LN>4^BC>E+$(rPxUuc9D!+H`=t2k`D7^-p=B
z>nxrEVO|`l9`hE6wfi8X<fS=y<!I`IBIGRRyH1)4zlJ17R0n%xTU50A6vPo#pGRA-
z8|TWf-mIDole;1A`swZrQw|Si*kE4^hG{q1wBF*LH^bh2aU~9W9gdFO0nesZSQwU3
zC8xrsZ=!{`leW<nlx;7?a%;g2Q)o21@&EfmczGWL%ljb2wih>i=!<K?F|K-%=x$>A
z0?`%&P%PH8WwcNXgr|#yiqe#bYYiBcifPy_7L$Pt@hytEL>xzmOT_|o)H3lkQd1`8
zVz*qZfU*_hUOFS&O7SY^#I#xT8ph}wv4{o#pSOh`uq&5^0w-XcLh7IaLwzw$VW*+9
znkAEAWW#WVQ9Z^ojGoNplSK`xio%4Jf+KtvB&)}bLH=W|uwgxZ1Ue{jbq9v^I;Js9
z8H6cra2(ZZSfe__)F<4vQd#`)99|@J9LTWd4^Uhy0ja4y2;H675gn5BqsA~RaVW!%
zU&EztJCUMS0&#crp6tu8U!jeImn!`pAhMWMXsD#fstg-lgfmUw!<#}2Ck$U3=H+*a
zwmlg3AILj>=$+;a$EPFPlZSA7%Fc1zxqsiXy7zH6J_=dn#4xm|Bf~H^9w5#?{}CGc
z+PaYQAYF-BjMT*+9PZdxeVZSydQgfp!{Ay&7>4v^7bLHLp&#}J`aOOu<{&kumE$aW
zOK0B4oEgM0wj_vQjh>i-_~>|s2^D=9+G@To7}fd~CKC5x1nN*7hDn<f8P;9J@kv7g
z>(P*5qp}%>FI5>vx@S1fL~<7IwKqmN_VJ1Al&NktbV+hPa#?>6q*L7CM22lN!&c9b
zv-Y+CFm?GJ3cH>HYc~}M@7}emL)ig}>&t|rv<?2Aq}=h0KB9IJFC3d2#e_g7#9p;x
z9K)b3&=VU}n_&$nbV1yM7>4m%kcos6bV04ExPWSZU~BDA<Ndn}6RJ;UwR*~efexzA
zuzI|Y@#nqX@N9^K>h&r|s{3sWv+qs8JDTx6Vm%v|x$>*R&g%g$|H2XqPCe{jLoTNb
z_5WWFW!)<SarnM4po>c=jCLQ+=$~WMOm{sPnstsyniRLuj@tVj8S3dA1XBh6@0q!;
z%3q@uQWar-lS9-roHToJQZ`4Y0E#YKuM>Y)FRN;zzdx+|z5KB5|MJ6n0Do97TV*2t
zvR-!CMEq&J%+*Z%ZM`hnO#kcSy2s0p>rwo1y)55M|Ngoj&tKQePM9gu=J>px_<w$0
zuk+&bI)7)ke_pSP&+8nSkCS-_&z5F>>d#QESx@(Nd~Z*F@x8tNzrVNhxbgouIHsqV
zNAS3-{%}+3c%8SJUTzNPQZ~Ut{4u_4lZDz)XxTjr4YEyL$XN}1S=I1<i+LZ}VIsro
z?-&fDq9!nmrkM<57NWGVdjM;A%w`z3ehI_)gRe78m^6=Jt**-%*7gQZ;s<jX)(Kv~
zFex3Jb-#gBy+z<m-n{^i>iQ2MkTR)+VMFf~3{w{sF>KTgN*fP=K$DHL7^aO_#4z1=
z3d5!Y;ZU==P~H3-)MdIOlopHTFl_l4l&oE#v>E`Nty_Sz&HQ49*;7_B%yHr%ZF*Zz
z7;9e%r5(;8`i||v)M+vdcg~y6u*)eZ>e>#R-9{HO?4Ag9J#v>a?B#(xy>b&Kd%M2M
zu#Xj|eXB!5?(d-VTL+!}t&knC5cGkyCNZ=P?ua;sv;ou5Fqj#(AC%!Ykh&4Q3mA@^
z4!1_7!0XX{Ut>7tUBIy^D9yOeNNj$4L^=M?`3xuQg)6U)SjKQ-CE#m!#xtDM9p)#0
z1;bM=z{*rxV~9;V3?^G^#4(-5!Iv5IDq@>S7vOjS%|ae#kq@M1)6=Pp=F;^tM)SxI
z<_hTtcr%|AxLHJxv0FfXaJ`t$VYiUpgz80f4XA{|i&6i@q=Uzxvxs#G9YL0t(lZd3
z(OL9S8Qp*v%c(Iet)Q_;?@BrcFIG`qaIT^KXpyzl2fEi$B+k~;Bq-ZJ^+4Q6oglu6
zdPC<Ml*<A({Y_el(B7i=k;W~gp%LDui7?3DFhJZ!qY>yk6pxO4m)amR+i4GCdXJ7F
zojYh8&`v5x5aqNNnchuLfZnHN@Nf@BO=Gl|nnBq<%0U;{_LDO#9iU4{+d=Ay&<>Ff
zpAJ*r3`QT)8}R!GwZn)Ur9fCZMh78qoZ14Npr&x`Bz1@GQ&bm~JWVqp{t?AN{4BLX
zZ+uMEaCVN`AYJEebP;`afxdy?7wJ0cdx_Q{!cX{rF*5p;-U7?#G#@ON$pe}Ff^tFp
zlBO?X^c7t}=YCCVz;cDYN7nvBThUur=`51)4UIwc*QgOHa-Ehz?mMz&L(TWJ71ST-
zL-5?7&rpM#v<gapq`4seM7@#j3c7?qZ_#ZKZ&OWh{z4}(4tHobQhAsDn#|}P4TR47
zbONdTl}xx7expqY@ByuZ+#~wZ2EpHH2poP)TjA6b(s0c@rKiyL2YrW%JfrUr#d8`A
zpZ=sGWbZHXLAs}lrqDJ+?19~xVjZ$xAbg>Embir^%ogk6{T%Td5;Rw&EoU@OOfb-i
zg`xnui$n;}0?`1CQ7j(A?m|%yrC21Q5k-lZ4>hHt0!dgb`lBHX;j)U+5-|?Cmx)D)
zrA*vImn;_#U}1&W1J0Eq4t7_GBm}WqoL_?ZTO%gI#kJxdEUgm_5%vc027=irY9kk$
z#97F{A=bgCH$?)%eoKU-p*D*^uxt@lq~vWe9v*HLy<q+w(HgsV#YT9sU0eftPh3Xr
zc8E-7vFSU73)Jiq3(#!k;(N5$Zt*90-WScV+bfFT+CGtn;_Vl`k>CSj2l8}K%$~^T
zkcdGLABZ*>wZp;#;vb4o%>5D393CDMJ%Nsk92Dk+cu>m7c2e9&GERxPK&M3vn&yo7
z48eRP`Xd)-#jmjRv6#dyBwtKwABL}~i{M<NL$J~7TiETtiz$-BZz2@<6DLvbFH-4B
zUVToBIFXXFL_FXu+PGjtP?VM8%5+9+MLB|7FHWFcH;D+8_DxX_zHSj3`g5!J2F2Je
zg21v<yn^)Y7N5cK_r+19VUM_h>g^S$*aWPZ4u}+X&2&%<<Ga9gNSx$|Odp5|vj0zt
zC15`#Za~LraTdEXe+z$X7d~efK5rMkASNJ>h3d~}{`u;7404ewWf!P0tQV^p+>+9M
zsVeO+R;7JImG+mYcKZj^orwLQItBGTWY_V5I-a}5biyup(k^()E_hm%wm(+CL+Z|{
zi5Q&ocDW07xyyFBFYIz(+U35o%UxAp$BcZVUX%0ptzGb%6qMfnXczv;E?i+3{@E^k
zN1cb(zN=QC!uRa5_w7a>+vT3v<(}H*{;<parN$w;O7(Z3>6%Q`44WpSoTth36lyX(
z^EH{CA`MZR)@k**!lw1w3eK=;gSM4t-?UM)a-mI|v~o<wTUrQaf3s#rTwAmPWdCi=
z4|Uw8y*i%JcC9nl$#mY7fvjFIeZs9|x@fX_LE9zMfR&6sF@41IZTi%73zdCnYJ?&B
z!_*UPKEpf{)AP1@Kcauf{4NXV@0o*9xLxK|tVMs{`~dxV+PrTfql@OX5dYrXAG=#-
z6*s{H^B#1|9LrXW%L2<L8z!sRQUFg^SVlt4Gs{oV{oL{t9rdTB7|#4<Sq;0DmMB~y
z)2*ve@fp?yoCJNQ^*LAytSez@mUS)$a<<hMTIN_=Vy@>}<H54h$pz_J<<uB%uXfrn
zrzYbyPM0u3Yn=|`aGg^qt5Ll8kFHo4^4s%rOQ}_R!}_MRY@|1JDm&s$Pw05rejjQ_
z4a%&(6ix4!CHhidswgY<rHO%ct4cZLYdhk9tE?!Viks3ocyG8L4W_{9e)f~*!j7Lg
z7+izOHu_UdksVm}sXw(y{P#ZxO=W&4`u9JyZ0Vp^l(h<=d$eY6gFtF$5hmBN`QcR4
zS`lnFQ?d7GIJH!1QkgZ1>N{;qx07A8ver?QY~7n--!CjH<YQ}QwtYLZ>?7XN=`xNp
ijrNo^1^TdT1|#9&Q+6zxn$Vdt{`*oI^E8d2=>GxV=m3oX

delta 14114
zcmb7q2Xs}{*6x~X?|pL8A-$1aA)$p5AS9s#LQ5zj2nq=uqz6TsCv-x9By8l+q{;<B
zrGzGe2uhP8DhLWFS3si_0Z~Da{PSDqfZjXaKi+$1=$vcKHG5fmvq#Q+u2-JX%MxW}
zczMllUFUlW^_yQ&oyJSQ9c8C4pA9csurjV!>9o&Jr?vg<^5}{cnunxL6>l3|-6^=@
zakUdf$IN3s;r{QlXiiD?gPbPWcM9G1RPpbp_2wg=7~7|=LKJ6TnLg!;c*R8>+!#}m
zeWf`2Qc3o;oFzGwU3tUEnVwxqEMMupOQbg)cjxIca@=)Z-pQ$zU0KZBCC2C!AxgSm
z%IW__&cW~X96AKfoMOpG-T(WD^%u7^_xN_OjeA^Gl~c@mrcb#eUU9m2-QhBn!yDFc
zIN71Rq|=q0;?p_BM=Ot7;rxZ^Q!YFcdymCRvM&@HqrlB_2;qtf;R-^yf)FBA2v<Ig
zgpFd`(aK*RDGwg72M?a*VKB2lcxFDEjT$iyrNu_g|Eu=O|CGF2OSw~Q+;=P-e(hlg
zgqiDKQzkz$C;CUWT*s*>&fZtjeIFY?Q~VX8?EM6^kET!gNK8oKJhWjAImHL}`m^kZ
zgb?N%Z@PhYw6f_V^OAqEZ1~u83rI@YqqI3BYqI3Qnhwc;e@NDLO71lC15#~Ke{v#9
zUV3o+<L)`d*K?-dtd>*Ka59UvE-|J;x}^CaMkSu30sXrwlF<xk`c3Qe*~JIj6+g(C
z-|!%}75k&&tMq`<>7TGF<8G3}1Gj&8aNNOLY5ZB`U3E13J|Br2y_h+!rWqAjH`HXA
zlJ58072jdSQ~s&A*c=`hVJmRTmp^nA@xyAY;J^q5l^Kd;*jWSXD+8MO(JM$|Ypgkm
zA<XtPiKbIg8cR85<UFUh@+ApYqoqShvwtY5O5_vsaG-bnT&L)-51xuHglLdM)NqJC
z0lU-wUh`m}Z<MQ3?7e4VomecV#PcPvmKeKCTTp~;5H{>9PtY@8zp#RKw6fPT$%lN(
zlH`ya#%M27m`ROFf`(DKKYhx5M-%z{A9TL%)M<I9b3GK8HG%_eXA+?5;NC!{Jk8fI
zC;umZID@`1h<%>r<gD=z&Yn)rWz1O_@)vr{*roW6R@Q@!5@VHf8|~Pxc5W+w2XnUN
z0fN0`z8^fS`4|VOa&HhU@c$|i%bis4<?*`g?-u?Lj0Z3&l{3x!kVrY;cXL`uG~KCK
zAM!fY-We+d4l!|%zI)%%N9r>0p0Nx^)2AF0uekG|%{IG)1$e&cV7YUnO^N?db6i+d
zSX)*y{Ua(iGI+t7j^z{|Ilz*lvip5=TbRH9>0dcXAl&dT<8u|y-inK1ahf^Wb;!cV
zoUo>maRc03U0)eHG%_-hH??aP^7hq%V|i;9L<YJzX%*8Vqg}eB+^njKWVc7(s;bIj
zy#IDp)d0q;f2pdP!T9Rks;Z5Qhu^EJI>z`M<4VTQu^%4XmMI)UGGps+RaG4sk28Nu
zC~Y3j9HNC+wOO*2r$q}U4;QNlW6}!#-?&j#)#^XaGt_w`pY7xS6U~E(G1SGpo)|%X
zrjZmwsb*4Agj{jQY@ZY^uir6;B}G$~IiG0{@0#y1ZO1+HbQ0UFxRn&DQ&EL$?SoQI
zb1}Ec05_PG!p=8^Ni_q^(S{x%#V@?&UgBTxV1-1C4sLIg4-7%-Ebw}!*`l6rw`nd8
zmZ#ADOKvLpRbU1aELN97A4a-MEtU+jTF7c`#e3=U;|q+)@{Nw2F>-(q!MZVY<Tw^F
z0?ZBd5-7y{tX{Y+jSH<eaxG(JR{3}^ZyKvjHF=#|T2E7(AbH*3O%t_=l=nvRrm5N_
z%E?W6(@bsZ%1#BmNmrXRxshGao2yNh?8kS6o~1T9GNU_hT40kcI?FirQE#b^ddepp
zoZdPhi))!LFL&fk8^3Jc43T|@@g~QGp%^XCarAmSwHYV#%x(396VvmVl<WN>pHGvy
zu#jhM&yv&SO3t9(#k&`8=E!d5z51yI?{;NUA6M2dw#p7Ic+=OdK5zC&_iWzeE6pFt
zeSBHz{j7y7`H65Jo5j^}30}i|p|hg+q?T8;Hhg3>0|43g4F<5|XU<BEa8ujqYP%&h
zEI2HVi(#L`doDuvp+GLZ^MnX9ucgM?&a>w_J#NdY$ftl0>1d1)E@VyT(onx#AzZ1t
zrx0$mj6HRys(2whsDhy<z0WE1qT!r7Z`$8Oh-!3^FYD^`#b_aXsQFm-jCONZ`H}Py
z!k^x$EkpqQMM4BpC08bhdf7Nh!SrP}AwsBwA4f<Y;p`e6=qp4Gie$IKDUc0BP^ZB{
zL{fKtG)2)h&R{g1Yb`_!o$Mn-ERALjadeYikEes|bONpD%u_}6yoE@jO&&tjq&6IC
zEpp)?lj+L=JjHac0~@GKk}u{ubcMaHOBw8AJzCaSi2AgM9ZIFE{L0XP(m0C^$udTW
zM&!rYYfOz;HjN@VvL^JE*{NZmEn%b(88nlPWzueLl`Jw-`9`2$xLI40*+hs|w3g|u
zDU1u2P3eU~v>}bHv?Xg7zWQhwyV#B<u~d7qvnL&BZ%ZLM(#$L&I?)u)Xf74>6e5rM
z)D)sK^<n-l^aK0TmBMXYly3B-E8kNzfsJ*i3eM&8G%ZJn9(2P+h@LczU3q~ncH(}a
zF<yKV&~$FL7invh5HHb3tga9BjuxUXO@5hYfm&w@Q9vK@^Qa$v#ewyw)pdjzK!0)W
z2a=uVa}cfKHW*AhM#u8J&}xojDE-KNFpQ2rFT~5Voaw{q5NB?L@D4R+HOgr8gzIE=
zbwk_gqQ=Nk1Naj0u%2aY)n6?bF07uuukl*QQ``ksFINnoRocxz8$~zR!nq-987S9T
zi<^N%S8Zz+BmVjG6F|7**j3w;1q##5&W-(&Yje3go!rN=)Pb;W<RHDA#FI~nw_Y;K
z8YgBg<+}TLFS9_^73Z1JmHi5TaX8bqNYCwjrgem>h>IFK<YV~+l&|5t=O*((<M3LM
zfAN)I_4NeJYb+PSb)EErhzFNL<6dw8;d!~I*&@v^Jc%n{8Au+8DibW2TMfe;CA@w%
z3)33O4||%M(}KyxJe(F`*#X8N^XIe>+fJ1ySw6s}aNJn2OC>>;4-wHTLOEq?EDiDI
z%D<})Bxprjo=u<4PBLE%>gO_4Z1RFu*5tFpdB}xy9FFF@d~+a@0@WPOYw3K~f!$Wg
zeT*O8!tkRNI?uS<w3^HijEZRGOKdJ<2aXdnl&4zxR-2xjD8x+Vs#d<oreEg?n(g#F
zOE2N1&T;a-WAiEUS9--_2NL?{-1iHVuUh#=n=OX>Q|OBu3Q_6}d$K%7e_Tz7GEexY
zmG7|Wm-&_|cOG_TqU&RZxj0_$%Yc9CA<dXp*x~(itSvVX+TdTn@PQ*mZp>44DwsTH
z+HE;{Jl~U@o!gH3DW29Y&R9C@C)l~J&RtLaRvR8q=Pq9#%W({K?uH20a-PL_*qH6Z
zfPd=6f-$YA>E`q)KIlJuijN&;hBd2Cr_8)&iH(KpMQ%4gsQ9`%6bSL21F?#7s6bKt
z0<e_jJ>5_QzqoR9U$e}xcy2X$ou|IW^PGMBeq!t!!q&H#f$8Z51<X)QG2}ZL{(hTq
z2qf}-kOBe6YXUi56RKOu@tQ!6*93CBCXnMb!N>8MKzL2qkscp_=M>B1IYqiYcOrKB
zaq~`k4f!O-^ll#KiMzqewGW%LTJ2_w<^cgqIVCP0ptx$UWjTEDh%-kt5AnaucjgDf
znUu%PsZGO~$5?Yk^AHL)cQ>yQiHX*EqL<@13&%l)?rd{{0d+US%=^u=qSM9;F|oRZ
zSvYC>yLKTaxkINc&vzTZ9xfPfKA#aDwr7SAulqaLFd~+(xM7DYMMY*=M*UDQjBx51
zA}pICxy97+`cU(7Moi|;`Amp)XwLGQIhA*Hu~QRLYND$gheO<MOyWCtLKq+N&+XPS
zzK(~PnVI!G?(wpbQhGAPoSd0Sd(3^AVeVxm{Al!qZ=KAmnW-MQor2W<TCf?NRf~F?
zxml4k*c_D=Mx!g{Wo46%sGTqIbofPycD{8uEB+0HW^Ecp&D@(rxwP}m43<IsTsNK(
z-P`$s5?Gz$ynNlYh|q}Y<l|B;a6%v(^A_%`A~=>&hP!6v=YBk^<p+O&(7c+uvraw^
z(@FEnaCc`-P3tNe9H`+-n$_Li!308hZORN*QbrT^gy8gG5F^a;mVTj;wT1JD6($6?
z^Gy%tE0nzw(dI`jLnx-=V#`ZJ*VpZ7Eu+R89)k^c)9|iic=Rwr#~I;5>eSu{1sZ1r
z<e3-S)NdQG#&DZvxHmVf)_09+gAI>0<$nwLjWhi7_@skT?G?j!JUCsO8=mhP9t;12
zDIl+6c-vHsdRMG&9}!(~WcVju73Gu0SSqa3mgyBYXPx)(95S$Az`(J6M~^KSJffiD
zkU1vQTs^B}MXN1K(karsbYmi|G<)34kKA61dsf$yLJXP5^Qvn#Lk+ny2di3!Ay=E{
zZ#JQHv-+*Z<ZZUQm6$O*31>wVYsl|-h;?l$#ToJ*Ujn)|jp7Yi$(NySl+yA@ZniR>
z(^9UOt}Uko!!N<yax2s4O@49EUHmzZx>i9cMnKlW+p+FnMPZ*%-_UGko!kDkHb2Mm
zfej45Q`}x!azn%Sdr<tnT?X?jhwk!F$=7aV`0X}F-43$$=V8~4%&lhW?MQk2Idj|X
z6k20`ce@!aF++c;Ve@RnZ>M5P55QcOHAGzn-{;{pM0I|=8RASX;LrwuJ@{S25N~jd
zhG^Rjuyq>X@VbC_j2L2ZSHQ;g0q^lV7-B9*ZHOlP6f?x-48S`)ScdrB#y5>2-c|>x
zgRx%P8*pw@!0SpZkuNGk7~H#t7{&LWA!hM|(GVwF0<Py<*btlefntb;%H2G^pbfE3
zX{%D4hns`4P{FoJ^LhT442Rv=2Gm`7dQz!=T?xB&1pTp!`=K)Ps*3L*H@P9^3<8{~
z41dkng&|^8{!00E&k$$14ov9+7{$$Fh-NB`f_SXgs(=r4!1`!}urXTsA~uuMK_4Hi
zyDQbNbITaQM|nMp-&YKg)&ekFrEY#9*6v(hLu}*D<dpK81V@<&_`AxPRXJDpB~TtH
z*@}8tuWAM8-jClb3^7a{q^K(9sWi4~kK?(j4=nsNGsOKmfD@I{Pn7wc%FJ&yK!1-P
z<lGG^fFQ+R$*K*pKuN7B!1}FhKxqX$r{HM>U=vj;rMFcM;%no$t4hv$%J=M1p!_i!
z@Y7m=y;Z}$n~wE<)i+mF8x|^8x+Q>~t(+L8O1Vmf@tn#*zS8!B3g9i3zqm0xMuxbi
zHkqmqV)^yn5byGxW{4lv`ZKe~y&AUfnt?J(%|&5XtcQ&Oj2H%ZJp}MM)g@nMVf~s)
z^@>caTQvq;q$X&*I-RNL#Q~uEs4${qu@2>Hfxj21nsifn;+J-&OteJ<<+cU9sB+L*
zrFVa8P<~KhkP1Vn3EH5txKX+Ir<#j#{7zwr4*7sLRfc-0(xj=rDIE#=kBYxf4Aym3
zK@a!DIyTY<G*J2b>C0H(7y-COb^g~XrC+Hyq%zZ7ogVN6&zAmxS5%&AsI1IXZGK6)
z=$3@jV=6=M=V6`F9?)CyUs0Ku+)(so(x;9RMBz9|jnn5tu%6Ko@D)|#EedW>v-76v
zn?|asT^)|965ms>e*~mfsw98W#_W7Qz?!c-y3@xTc|XARf*SJy%CQer7oCiR#6Xpo
zda5i(+(8+wENoECGDbB{7YTZn@@}n4TB}4*epa=a>yNdUs$4_D`kKn}RdwM!uZAbf
zrhJL1j$=+H!)(<dhgC*`RMYQQm)s<k<)-1_Ipho2?*+ig%KQeU)UF&op}KUIO3Udk
z;3-v3JW=(yuEuY<s)uhiRq!O$tozioJ?;d7Nad-IigL1Q=t*9ncd7<BMVVQo42P&*
z`c0YKp}IF#b!<xyaORE$%v5zcuQEMX^<lcI)0O7xYW!J6|DkHuIF*kb%Ih_%5uT`W
z9BK$fQ`KniQ(1{qmq4j%;-6A*>NXDWU6uT6s_b>tb<wFS=(=j94Rx{ZuY#P%W5)j+
z9j*L&p&kxyt0vA?$+4;kJXMXeRm&!;Sc`RV#^nQ^QZ;U=x}<3`D1WpvzxX}c_CYUf
z{!+OfuDo+s&DBBOEXS2Eh04cW%9lzN-(Ho8?^Ly<N_)SK(DSY8jMJ(!epab7RKs>q
z&G?PV#5~nv$wR^aqD>i|qEuf{^{}hP8KqKMUnTIHreHlV0B~JPz$0oHqtdW$<pTJj
zGO$-AP^jdS8|c$s1Z=JN<1?_XT^}$`xqjifzSz8_V(Ou~^rBMXqsDfJx<{HTxAv*}
z)l=%qRMl6iBp)9E4Xf39vdT)*%b>ij)=kVV4?=Bkp>69HLQlQgwHRhpaE6#k7{NVq
z8HT!ZdDPzbeRj`cJH%<R6ww(@s%0vD3^a|-=P{a2kGZKWGw5_9Ml-3HHCbj+61#1g
zO`W_L%^`#HX(^@_Ts_NN>VAx`C`$>o=dQQRqhXvX%Y16U{bE@_gV{GrDg6o)Wwaf-
z%PAbhg*1xuVlingw}@pCZRSz4yg?0{Gg?e9m{|`)ZKE)|t7rw<WD`B~WVDBdVD|RW
zL(ZY)7S+Y{-KL{R`|o5&*&kB~dSJSA!!*v7htTV*WFwecBbQ>gR-WOSS=PzBV|n+M
z+=Pqds4VNp=!6VGia(PZZ79l@(nJo=%a7sp1&M4KUn`}SZzNJ^Ty$9aPR?Q1ELY^a
zDNOvg%uaV^UH^g8XSjQFo(%8LIQOa+^R=25UX^P}xC*vw=TPds+5|M{=h{`iM{UL>
zt!H;u`IFX6W9rY^K=jpZEzX<KFIq10a#u^^R#Y1OqBtiqrf=WQ!V)_aEuOMHlVSY_
z!x=V?#U!;Dn#!<c3bK$l0$J<a6K^YBGIAJp4Z<)C$_ZpRWwv?YPhZ<@oX)1lAeB;6
z<f4okVeH<Z!D#%&RP-F9l@yKZViiSsFgi=c7_M`)dlaL8({J1k#`ko%9-|`p7JF>W
zmcMda8pU#ZKBIXu6g8MH`?O+ICI`duMY7O_hTbH16)@T^C%0hqf&3YnJS+$KF*+$z
zaesUvLs~MrD9<9kOY%P2|C$U#MQ_V1T^K!*OA*~nEfQB_xpq03kzF&mFN~Gi5g$ey
zv~vR)ZPgmF7nVKR8(ucvzOStY>me;-5Tmo&57CUyY2CPSjc>JNICD*#IGE9OEu;^l
zBHa&}E!AHrWK^cV0N2**zFZQ^W}U@^u|<z+<1E{s`VPsIM|u%b{aCm2=ox?MO%TWv
zoBk#;Sf%@-K2wc9ag9tfRwAzX#wgr53yjZE&DF+y^zCLN0W1|p1gf&jXvYI(d~5{t
zXLQ&Yj$EHM{>}AME#tPh1~1&(!B3CtsGMgBob@`-4+X<}f_f9GmJq|6>Rq}yge-AG
z#`3=ACbVX&zu+|fogpmkx}aE{Ugl(3^0va6Zmw+4(kq4M!ss)S8{CqA8~6W!o!l#y
zp#iA%2xFwvnaJglypMW^bElkppC%<C|9j~z+`=Ewcr?sDTJObZKaE5)eMmo{nGTQ_
zyI_1ouOjM$G#2O({SeIPW7>fnd_v!2cbJBtQb(u{hhrS20X#FtF)D=W<Fu1+A>$0)
z@5=7oqLT^yV78QMr?^zcBCQmGEz^!T3ulQw%bptv)i_nk-x2)>@M7c&jLN7`&W<s<
zD;jppcEmNdJb_^mJ<r#IF_q5uWi*W{3m8o&jqh1w1|7!DF_Xd&(kyc4AZ$E)(Vcl)
zOf1fr{|oBgfMN7zTzxT};CTEyxcCyr<9bMZ0B@5<qC;wagDTVt8qP2!38rc{7|k%X
zI;z$n*2=J9_x21M&4#~?8-PFU5$f1v7~)82x~&eQW{oWj(|uAIHgC;$laWyyab)%g
zVVJc8E!SdiTeDhKfbFL&-n8kAP}(km<s5&FVLSgqhVAo^vkoqa47=Pw9M2Wt-srIj
zUiaFD&Uz^waSXmt{b{_n<9Q!G&(*p2-GNLFvcd0RZQ>Y?az!pizl`eH#vX>z!W7KL
zD;dZdlGf-7F>E~-J&@;(jP~)xQQrwU4D;Ur9FPm1p_|bzBX6N3qu$J8IQk6tgE8R>
zF6znuLUN`&;$W0szY8^a5%LWOr1mphX*g$wAB^d5q)@2MpZ&A!C4u?-fO6BGicN&F
zNMDZ0Nc<Owb-mzyqwG!$TkOW|-DwHmY)WbL1!OZO4&1R%(A#mza5z2&7jc7Ho(vmK
zsm-ua4+Pja%bQ`^ra^eIY|;y<&HS8A8*P5^WB8IcZor|F5bc;1@N7z@m7$#;An0{8
z5m(S=I*I!1CVy@jxM7KiWH<i*#-Hc+|9SpvsQC}y%~2Z>Pj3Oo7z(3A_Ovj4o_vBf
zo-aG)GFl)z!_!jv7(G-bPc&gvF2|!J3uPfAn_<cYJ$SoFevA;`kTcOdi{;@#jO?-q
zyCt$6v@Mn8S&Wv+ew-4^2HAEfqsy|C<^I=8zzFV_&oUu{F(u*k(P<IZRECk`p)$(0
z3B4Sf8qF|1dkn*bnmlQ$s$u)Hc@dEc7`+{$ae<>4CLUqKM)J$tpGLiocyu+qk7iEm
zg6V8hh~hPkiDTGoBe$p0l^lY;Ny!+%u=Y$8yiPDuW2@T-C9T&LEt2|!&M>FO5Qbg9
zfJ;3#AyqG0a4EbrF@RygD;&I18MrQ=7m3T!P^qz@4AX6Jro|RKGur$PXF4!1zd}4g
z>-O{GoiU`e6~l2^NcO~T_~xWqM_s1>ygd!SkG=RPywr_hL^BLnq?eC_+mLtQyX!>G
zgK{PDb!0Ai!!YMQv;*cNEX|!^jnKgi!@XZ{o&^=--r_$EV3<6{hCyg{A;)=`&=bRx
zxMLv0q_QxEHG5$Sk|X(UH&T}1>0Nu0WLT#NChBd(2-N?z9>dh7fDM{+e9Ecd)o94b
z8XXx%zo9XV-S+fM{?L~9df5mzub7kTu~(J`A@)3-0&OpkWNN!d$WdpXIt;si5BcYh
zAj>^8<hQ5gd8g=Jx(K%pQg5Kc)Nvf6<CGKg)Q_TgCWN>l($KSG8HR0yo+Pij3~Rcf
z=Cy7nGE82CxKoO4D0-a}7>l|i+B?<w{qDj0xI$KIq`k&{r2O{p-H;cFI`569pN2cB
zzWqk<J`nQ?E=!HBEqM_$kBuv-z=L?21V8(CM}(T}$fq+s%sJHm`&9YXMH~T74H)te
z>Y!hOGsX-|mgROehAwxXIx3f=`}Bcb!O_H#8~KxFKW$JDCE9;9D2gKOt`_3Y-u4+5
z`un?g;Ir@ELC?N>2lIDtyY52#;oF|!Lj2|1{;CTl(ro)G7mBR$Umv)uJ^R2N&mXw$
zmt5$-zi=n>7jAosm0~+Mzj4>&Z`@oG-DQ3d;MWYbt5o0c+sqBB1*Sgz=H1}wH*dH9
z{N~+|zj@nNSn2PN-u8V~isY}}_HV7kpS|rKuGE3t?LA#-pl#>^&PvF$azuAp$otsl
z;~B;+F&W1DyuvWy)>MXx6M1Njq_u!GAJ1S|Yu+M;$r~myOc^+bVV#ys7}n*-3(v^g
zvl-TRoyRaW8JrD{&t%we5;z;Jo`;7}<0}wI8(7A$saVRe*`yMN>8+r&c^(8Z7Qk3$
zk5YzNax%jfou@HuSqRmw_CQ_sqxlTmOq#{8?Nv~6RwB4|dC=LuJ~%tP3Z9NbmND$~
z`>S{e<UX0po6a|&w96hu-!&af-3Gz%b1xP#?7kg}o^J-Xdh{x0*s})Iz0mOuhP@v{
z>c!7t@}-B!R-fO%*|$10<bTg*jDiyA?DrdZ`cDLXK<EU9wm}()V{l_I4e@}Pq3b~z
zb_S_?x!rVz!-vDbh*)?%vcqc(M=b>$6ANQwvyj-rbVNDsCj|4#I+%I2$6|)#Zvejb
z^*DwTTEq2;pTO|sy|6OHmISfaH-X942=y+aKJaBK^+RmaXfGU}PNR{B8AOnpN!O<^
znoTF|jOLIAbH(%-yqQZkp|OOnVmFU8xIUluV7GwEp}Le#0F{x~eAIs--7V*>NxKm1
zB6<h8dxL(2;9}Z^KC;spc(H_%U}-76gyb)yJ@8^VMS}B9T8|c4N$sI~6;;F8Y8nV-
zYbXlDwUi0*b<_?z-=dBzU^CX!EQIziT7xuhq&w)kx2Zo2ZldcTZl+!c^c@Pq*}K#j
znR$=aBBm|$9@4p$`T%XCRS2Sj)*;h7=o-*Yng$Pdk<aUlc2jLA+e1yz1-AF;4+OK9
z_My5TP#f&_(OtOsA-#yHJ3wXd`y*<G5jjW}SUN--An-9Y1^R?i;M!qo4c$j55|unk
zBO!jA0wMk>HAHWmAWxi~q{c|sDI0x&K08gv;rC~B67@Yp#fb28>HyX+Xdzh6(yL%O
zM~^WnUr|R8&(rY5j4sd-bne$w43=-`G_rP)7NZj`(Jmz6GWACE-%%nea)qWr?%!lf
zgPQMYF{oE*GkC7i0hqW>v!V0{Dg^OIYKL@J(mn+GGo1(V28Dq0CT+zy+@jSe+HLxI
zBBNiZGj!gettjtZx`%Y%qf!L;E0sX*H~QEH!QZJH9R7nA!>I>!2X-IQb!hvOPN5=?
z=oF%OOkHvI7mY{uo)973MKT52rpmRjJ581#>(ix#>KXDYBw?nU2k&ReZ;_zcveptt
zb7X;uG8fBH&|M<kfab|KcsgHRh1~@*3Z*EOzKEhsz6v$v@+^|DQ0Af`O!)vUut@fS
z?!|HvVzJAM=#nM!J6KpM*Mf7I420d~G6F%Yknb<T{Jkmr!^M^IA}p<v@d$g3EJHAB
zWf-p9b#fQv-;yQpX}t_a*#DAVXs8X+0+x;PH<*80=EK8HvMtQNBO77&u3P{w-jgSQ
zw#b91-BwwTS!~8O`2b;Wm#?AOD&%Pl?hg4Acy`L#*zK0%;o2Tq3&ne1wnKvV$`#1d
z2Xf4KM*E~6g4iz`W7IyBk0EzJx?}D?l6BzWA=w7#W7!0S`9yw)TgP@-UP3aC$U>l_
z(hp5@OdddekIP)-;!}AUmQKil{Af`xF?Bb=*JhJoBz+@n^!^lf`>kY(<29#06a?Mk
z5Y_%Ont~#orAeGfMOh@j<1E^^VBJuZW%5W7qm^<Mf?F-O;xV>PdM{_RUPi&!jq(oC
zut^?AG2W9_uxyh#sKO3;0FLjJ?;;Jm<QY_Nx7^MqV9l~u#<FXc4`g?~3oQHOHjc=$
zUlyqTKP-#Deng&uj-zrHcE|n}KH(5P=@35U5I!vnkjG-}9GZWwmXAR$(Uj~w4Tg>R
zT3zl5Wxrfg_7`f(zNsnui!_J*z1o|I{R3?X>buXOW51Tq-D3H~A$Zs!c*G%iR8zK3
zXs3|6lUfaQ&?$%9X@}f7hul{Vx$_RW3l6zU+F;DcW$lETzi%Ca-zh=m?GFy&A05J#
z4&k31!nd?>TvYzldKMM_#UXpgVe}7&+yjT)Lx<d-4!I{<Afl_%z6UDORidWabQR?s
zU8Sd3SLvCntMruUh|;o3kKqbiR_il4!<IGrVxE1=TKzW;-Lg(!g_ii2?uOypp#O@#
z+^CO2_TSbu)N!-kZycld^enEE<&>o^vU=LGpRYR0XBJx(^H|PU@|H3B+_IDB+wz6w
zD^&KrB@r|Dr=<<re5%VxOwZdc>k<7sE=yU!*y7@f!fkh%jr(Y)%XhdxkGi}yp3!G6
zb0Pk{OD=XlyZiz#esx)kZkc6WjB%M~Ewy2?=37U>)1}s)Q1i(8C3HWwUPnj$Wt{+L
zo>=F=Zk5#sS4ffTY*c)z>uXCHO>?aT%XHUSur$N95Cb{WRYJ=w*Hp~)Y}X*LEOUE+
z!Y_AAg4-+H=Fh6l_)WKc7@?JJn~=*@Ztko``11dT^KaSptuAj{^?la;R{J?W>SjL>
zL54lqpYBs{dsG1BQMi3f03}c-`_cgFOGWmF0W?13WC*L^-`5T#T9Xhy!i)dZYxmqh
z8blOizZ*n>a($@XEtqP{Yr*!W!PKVSfB%sq{stRz|NZBKZJqQY`?g^Eg&OW&6GC}b
z&y^lddq8FvS6_Rz7^>!4RKr0o+RcCX-&UhM`<QrY>^e2eL4IT(lR$y?WAPN}I=Quj
zHqL$*EO$CMwj=HQxAl#wk9}wYWpb=<13hp5iILpsXRnz^8I*4yn#k0?_O}x$;eP;v
CVyB@1

diff --git a/tinyparser.c b/tinyparser.c
index 3a3df00..09a0379 100644
--- a/tinyparser.c
+++ b/tinyparser.c
@@ -44,7 +44,7 @@ int parse_header(char *offset, int len) {
     char *cursor_lim = offset+len;
 
     // header title
-    char *htitle_lim = strchr(offset, ':');
+    char *htitle_lim = strchr(cursor, ':');
     if (!htitle_lim) {
         return -1;
     }
@@ -62,8 +62,17 @@ int parse_header(char *offset, int len) {
     cursor += diff;
 
     // white space and seperators 
-    while (*cursor == ':' || *cursor == ' ') {
+_loop: 
+    if (cursor > cursor_lim) {
+        return -1;
+    }
+    if (*cursor == ':') {
+        cursor++; 
+        goto _loop; 
+    }
+    if (*cursor == ' ') {
         cursor++;
+        goto _loop;
     }
 
     // header value
@@ -86,6 +95,9 @@ int parse_title(char *offset, int len) {
     if (!method_lim) {
         return -1;
     }
+    if (method_lim > cursor_lim) {
+        return -1;
+    }
 
     diff = method_lim-cursor;
     ret = streencmp(method_tree, cursor, diff);
@@ -97,8 +109,13 @@ int parse_title(char *offset, int len) {
     cursor += diff;
 
     // white space 
-    while (*cursor == ' ') {
+_loop1: 
+    if (cursor > cursor_lim) {
+        return -1;
+    }
+    if (*cursor == ' ') {
         cursor++;
+        goto _loop1;
     }
 
     // uri 
@@ -106,6 +123,9 @@ int parse_title(char *offset, int len) {
     if (!uri_lim) {
         return -1;
     }
+    if (uri_lim > cursor_lim) {
+        return -1;
+    }
 
     diff = uri_lim-cursor;
     uri = cursor;
@@ -114,8 +134,13 @@ int parse_title(char *offset, int len) {
     cursor += diff;
     
     // white space 
-    while (*cursor == ' ') {
+_loop2:
+    if (cursor > cursor_lim) {
+        return -1;
+    }
+    if (*cursor == ' ') {
         cursor++;
+        goto _loop2;
     }
 
     // ver
@@ -160,9 +185,9 @@ int parse_request(char *buffer) {
 
 void debug_stats(void) {
     fprintf(stderr, "\tstats:\n"
-                    "\t\tmethod: %d\n"
-                    "\t\turi   : %.*s\n"
-                    "\t\tver   : %.*s\n",
+                    "\t\tmethod\t: %d\n"
+                    "\t\turi\t: %.*s\n"
+                    "\t\tver\t: %.*s\n",
                     method, uri_len, uri, ver_len, ver
             );
 
@@ -173,7 +198,7 @@ void debug_stats(void) {
             continue;
         }
 
-        fprintf(stdout, "\t\t%d: %.*s\n", i, pnt->len, pnt->er);
+        fprintf(stdout, "\t\t%d\t: %.*s\n", i, pnt->len, pnt->er);
     }
 }