Integer underflow in CVE-2025-32052 fix when resource_length=0

The fix for CVE-2025-32052 (commit a5b86bfc) introduces a potential integer underflow vulnerability when resource_length is 0.

Affected Code: libsoup/soup-content-sniffer.c, line 507

Issue: The patch changes the condition from:

    while ((index_stream < resource_length) && ...)

to:

    while ((index_stream < resource_length - 1) && ...)

When buffer->length = 0:

- resource_length = MIN(512, 0) = 0
- resource_length - 1 underflows to UINT_MAX (gsize is unsigned)
- Condition (0 < UINT_MAX) = TRUE
- Loop executes on empty buffer → buffer overread

Fix: Add guard before has_ws path:

    if (resource_length == 0) continue;

This matches the pattern used in the else branch which already checks:

    if (resource_length < type_row->pattern_length) continue;

Patch:

--- a/libsoup/soup-content-sniffer.c +++ b/libsoup/soup-content-sniffer.c @@ -498,6 +498,11 @@ sniff_unknown (SoupContentSniffer *sniffer, SoupBuffer *buffer, if (!sniff_scriptable && type_row->scriptable) continue; + /* Ensure we have data to sniff - prevents underflow in resource_length - 1 */ + if (resource_length == 0) + continue; + if (type_row->has_ws) { guint index_stream = 0; guint index_pattern = 0;
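
Review bot: The new `if (resource_length == 0) continue;` ahead of `if (type_row->has_ws)` leaves the wrapping expression `resource_length - 1` in the loop condition unchanged, so the loop is safe only while this guard stays in front of it. Consider also rewriting the bound as `index_stream + 1 < resource_length`, which needs no subtraction and cannot wrap at zero. The guard tests nothing that depends on `type_row`, so it could be evaluated once before iterating over the rows instead of on every row.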
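
The wraparound described in this report, as an added example that is not libsoup code: a simplified model of the whitespace-skipping loop that reports, instead of performing, any access the bound would admit outside the buffer. The names `skip_ws`, `cond_patched`, `cond_rearranged` and `is_ws`, the whitespace set, the use of `size_t` for both operands and the loop body are assumptions of the model; only the bound expressions and the zero-length guard come from the report.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Bound as quoted in the report: resource_length - 1 wraps when it is 0. */
static bool cond_patched(size_t index_stream, size_t resource_length) {
    return index_stream < resource_length - 1;
}

/* Same bound with the subtraction moved across; it is false for length 0. */
static bool cond_rearranged(size_t index_stream, size_t resource_length) {
    return index_stream + 1 < resource_length;
}

/* Whitespace set is an assumption of this model. */
static bool is_ws(unsigned char c) {
    return c == ' ' || c == '\t' || c == '\n' || c == '\r' || c == '\f';
}

/* Model of the loop. Returns the index reached, or -1 if the bound admitted
 * an index outside the buffer (detected here, never dereferenced).
 * guard=true applies the report's "resource_length == 0" check first. */
long skip_ws(const unsigned char *buf, size_t len,
             bool (*cond)(size_t, size_t), bool guard) {
    size_t resource_length = len < 512 ? len : 512; /* MIN(512, buffer->length) */
    size_t i = 0;

    if (guard && resource_length == 0)
        return 0;
    while (cond(i, resource_length)) {
        if (i >= len)
            return -1;              /* would be the overread */
        if (!is_ws(buf[i]))
            break;
        i++;
    }
    return (long)i;
}

int main(void) {
    const unsigned char data[] = "  <html"; /* constructed sample input */
    const unsigned char *empty = (const unsigned char *)"";

    printf("empty, patched bound, no guard: %ld\n", skip_ws(empty, 0, cond_patched, false));
    printf("empty, patched bound, guard:    %ld\n", skip_ws(empty, 0, cond_patched, true));
    printf("empty, rearranged bound:        %ld\n", skip_ws(empty, 0, cond_rearranged, false));
    printf("sample, patched bound:          %ld\n", skip_ws(data, sizeof data - 1, cond_patched, true));
    return 0;
}
```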