Header value returned from the HTTP parser is expected to be null-terminated or
have a spare byte after the value bytes. When an empty header value was passed
by client in a literal header representation, neither was true. This could
result in segfault. The fix is to assign a literal empty null-terminated
string in this case.
Thanks to Andrey Kolyshkin.
st->literal.length = st->pint.value;
if (st->literal.length == 0) {
+ st->value.data = (u_char *) "";
goto done;
}