From 16ecd6d75bfabb97193581bcc8095652759cdb8e Mon Sep 17 00:00:00 2001
From: Guus Sliepen <guus@meshlink.io>
Date: Thu, 17 Dec 2015 18:07:19 +0100
Subject: [PATCH] Fix buffer resizing logic in buffer_put_at().

When growing the buffer when it's not big enough for new data, the
current size is doubled repeatedly until it is big enough for the new
data. The required new size is stored in the variable "required",
however the doubling loop exited when the new size was at least
buf->used + len, which might be much smaller than "required" if an
out-of-order packet is received.
---
 utcp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/utcp.c b/utcp.c
index 9bae7b9..13f4658 100644
--- a/utcp.c
+++ b/utcp.c
@@ -173,7 +173,7 @@ static ssize_t buffer_put_at(struct buffer *buf, size_t offset, const void *data
 		} else {
 			do {
 				newsize *= 2;
-			} while(newsize < buf->used + len);
+			} while(newsize < required);
 		}
 		if(newsize > buf->maxsize)
 			newsize = buf->maxsize;
-- 
2.39.2