Lighttpd

when I send a https request like this:
"GET /?query=hi HTTP/1.1\r\n"
(It's a incomplete request, since it doesn't include "\r\n\r\n"),
lighttpd is down, and generates a core-dump file.

I used gdb to examinate the core file, and find a bug in file http_req.c:

281    for (c = cq->first; c; c = c->next) {
282        if (c == cq->first) {
283            buffer_append_string_len(hdr, c->mem->ptr + t.c->offset, c->mem->used - 1 - t.c->offset);
284        } else {
285            buffer_append_string_buffer(hdr, c->mem);
286        }
287    }

When lighttpd is down, in line 283, "t.c" is null, so (null)->offset is illegal, of course.

I don't know why "t.c->offset" is here, but not "c->offset". I think "c->offset" is the right word here instead of "t.c->offset"