aboutsummaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2010-02-26 22:55:30 +0000
committerDaniel Stenberg <daniel@haxx.se>2010-02-26 22:55:30 +0000
commit03a57308b91911cdd91060b237715f0c5fe716da (patch)
treeadf4f819e4d8ead225c05b9831d93045f39c6ae5 /lib
parent507d58435a518e23477c6cd6f655c122bde8b4ac (diff)
- Pat Ray in bug #2958474 pointed out an off-by-one case when receiving a
chunked-encoding trailer. http://curl.haxx.se/bug/view.cgi?id=2958474
Diffstat (limited to 'lib')
-rw-r--r--lib/http_chunks.c9
1 files changed, 6 insertions, 3 deletions
diff --git a/lib/http_chunks.c b/lib/http_chunks.c
index ee35d6603..3649f9ee0 100644
--- a/lib/http_chunks.c
+++ b/lib/http_chunks.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -306,14 +306,17 @@ CHUNKcode Curl_httpchunk_read(struct connectdata *conn,
/* conn->trailer is assumed to be freed in url.c on a
connection basis */
if(conn->trlPos >= conn->trlMax) {
+ /* in this logic we always allocate one byte more than trlMax
+ contains, just because CHUNK_TRAILER_POSTCR will append two bytes
+ so we need to make sure we have room for an extra byte */
char *ptr;
if(conn->trlMax) {
conn->trlMax *= 2;
- ptr = realloc(conn->trailer,conn->trlMax);
+ ptr = realloc(conn->trailer, conn->trlMax + 1);
}
else {
conn->trlMax=128;
- ptr = malloc(conn->trlMax);
+ ptr = malloc(conn->trlMax + 1);
}
if(!ptr)
return CHUNKE_OUT_OF_MEMORY;