Fix buffer resizing logic in buffer_put_at().

When growing the buffer when it's not big enough for new data, the
current size is doubled repeatedly until it is big enough for the new
data. The required new size is stored in the variable "required",
however the doubling loop exited when the new size was at least
buf->used + len, which might be much smaller than "required" if an
out-of-order packet is received.

diff --git a/utcp.c b/utcp.c
index 9bae7b9f87b10b81fee0e700e48c40b462043dae..13f46584484bef5fd71ae74a77792671c1fb7637 100644 (file)
--- a/utcp.c
+++ b/utcp.c
@@ -173,7 +173,7 @@ static ssize_t buffer_put_at(struct buffer *buf, size_t offset, const void *data
                } else {
                        do {
                                newsize *= 2;
-                       } while(newsize < buf->used + len);
+                       } while(newsize < required);
                }
                if(newsize > buf->maxsize)
                        newsize = buf->maxsize;