git.ipfire.org Git - thirdparty/squid.git/commitdiff
Avoid buffer overrun by comm_read()
author Amos Jeffries <squid3@treenet.co.nz>
Sat, 8 Mar 2014 00:18:11 +0000 (16:18 -0800)
committer Amos Jeffries <squid3@treenet.co.nz>
Sat, 8 Mar 2014 00:18:11 +0000 (16:18 -0800)
It seems the space details provided by SBuf do not necessarily match the
existing MemBlob size. If for example actions like consume() have shifted
the SBuf down the MemBlob buffer.

Use spaceSize() to guarantee that the underlying MemBlob store still
provides sufficient buffer to fill without overflowing.

src/client_side.cc

index e894993d4ba1ba77bbe55aeb46235087b9e8a988..95c809c331f5910ef051fb6124ccb948a93dc55b 100644 (file)
@@ -253,7 +253,7 @@ ConnStateData::readSomeData()
 
     typedef CommCbMemFunT<ConnStateData, CommIoCbParams> Dialer;
     reader = JobCallback(33, 5, Dialer, this, ConnStateData::clientReadRequest);
-    comm_read(clientConnection, in.buf.rawSpace(2), in.buf.spaceSize()-1, reader);
+    comm_read(clientConnection, in.buf.rawSpace(in.buf.spaceSize()), in.buf.spaceSize()-1, reader);
 }
 
 void
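
Review bot: in the changed comm_read() call, in.buf.spaceSize() is evaluated twice within one argument list, and the second use subtracts 1 with no guard for an empty result. C++ leaves the evaluation order of function arguments unspecified, so if rawSpace() alters the buffer's layout, the length passed may not describe the pointer passed. If spaceSize() returns 0 and its type is unsigned, spaceSize()-1 wraps to a very large read length, which is the kind of overrun this commit sets out to avoid. Suggest reading spaceSize() once into a local, handling the case where it is below 2 before the call (return early or grow the buffer), and passing that local to both rawSpace() and comm_read(), with a short comment stating what the one reserved byte is for.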