httpd.c in atophttpd 2.8.0 has an off-by-one error and resultant out-of-bounds read because a certain 1024-character req string would not have a final 0 character.
A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.