Limit the size of the fd read buffer in channel_poll().

[meshlink] / src / meshlink.c

diff --git a/src/meshlink.c b/src/meshlink.c
index 55b1e04fcd7d807d5e0304a2887026322e1f98c3..e50be188b32ef9b19b96c2961766da4ef2d60bc4 100644 (file)
--- a/src/meshlink.c
+++ b/src/meshlink.c
@@ -3465,7 +3465,7 @@ static bool aio_finish_one(meshlink_handle_t *mesh, meshlink_channel_t *channel,
 
                if(aio->data) {
                        if(aio->cb.buffer) {
-                               aio->cb.buffer(mesh, channel, aio->data, aio->len, aio->priv);
+                               aio->cb.buffer(mesh, channel, aio->data, aio->done, aio->priv);
                        }
                } else {
                        if(aio->cb.fd) {
@@ -3675,6 +3675,11 @@ static void channel_poll(struct utcp_connection *connection, size_t len) {
                if(aio->data) {
                        sent = utcp_send(connection, (char *)aio->data + aio->done, todo);
                } else {
+                       /* Limit the amount we read at once to avoid stack overflows */
+                       if(todo > 65536) {
+                               todo = 65536;
+                       }
+
                        char buf[todo];
                        ssize_t result = read(aio->fd, buf, todo);
 
@@ -3701,7 +3706,7 @@ static void channel_poll(struct utcp_connection *connection, size_t len) {
 
                if(sent != (ssize_t)todo) {
                        /* We should never get a partial send at this point */
-                       assert(sent < 0);
+                       assert(sent <= 0);
 
                        /* Sending failed, abort all outstanding AIO buffers and send a poll callback. */
                        if(!aio_abort(mesh, channel, &channel->aio_send)) {