[tpop3d-discuss] [PATCH] Corrupted TOP response with PIPELINING and tpop3d 1.5.3

Chris Lightfoot chris at ex-parrot.com
Wed, 2 Feb 2005 17:01:51 +0000


On Wed, Feb 02, 2005 at 05:55:47PM +0100, Martin Blapp wrote:
> It seems that the buffer routines had serious bugs and were never
> tested with big input. If the sendbuf does reach the place of readpos
> we overwrite unread input and fail. The patch expands the buffer if the
> write position in the buffer has reached the read position.

um. The only places buffer_push_bytes is called,
buffer_expand has been called immediately before it. I
*think* -- I haven't had time to look in detail today --
that the problem is in buffer_get_push_ptr -- it can cause
too much data to be read in the case where the read
pointer is still at the beginning of the buffer.


-- 
``It's a small world, but I wouldn't want to have to paint it.''
  (Chic Murray)
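
An added example, not part of the original message and not tpop3d's code: a minimal ring buffer showing the kind of failure the reply suspects, where the span offered for writing is one byte too large while the read pointer is still at index 0. The struct layout, the "get == put means empty" convention and all names here are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical ring buffer (not tpop3d's code). Convention assumed here:
 * get == put means empty, so at most RING_SIZE - 1 bytes may be stored. */
#define RING_SIZE 8

struct ring {
    unsigned char data[RING_SIZE];
    size_t get, put;   /* next unread byte; next write position */
};

static size_t ring_used(const struct ring *r) {
    return (r->put + RING_SIZE - r->get) % RING_SIZE;
}

/* Contiguous space offered to read(2) at data + put. Flawed: with get == 0
 * a full read wraps put to 0 == get, and the buffer then looks empty. */
static size_t push_span_flawed(const struct ring *r) {
    if (r->put >= r->get)
        return RING_SIZE - r->put;
    return r->get - r->put - 1;
}

/* Corrected: keep one slot free when the wrap target is the read pointer. */
static size_t push_span_checked(const struct ring *r) {
    if (r->put >= r->get)
        return RING_SIZE - r->put - (r->get == 0 ? 1 : 0);
    return r->get - r->put - 1;
}

/* Record that n bytes were written at data + put. */
static void ring_commit(struct ring *r, size_t n) {
    r->put = (r->put + n) % RING_SIZE;
}

/* Unread bytes after filling the whole offered span, starting from a
 * constructed state: 3 unread bytes, read pointer still at index 0. */
static size_t used_after_fill(size_t (*span)(const struct ring *)) {
    struct ring r = { {0}, 0, 3 };
    ring_commit(&r, span(&r));
    return ring_used(&r);
}

int main(void) {
    printf("flawed:  %zu unread\n", used_after_fill(push_span_flawed));
    printf("checked: %zu unread\n", used_after_fill(push_span_checked));
    return 0;
}
```

With the flawed span the eight buffered bytes are reported as zero unread, so later writes land on data that was never consumed; the two functions differ only when the read pointer is at index 0.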