Details
Bug
Status: Closed
Major
Resolution: Fixed
proton-0.9, proton-0.9.1, proton-0.10
None
Patch
Description
The pn_data_grow() function loses half of the available data capacity.
The following happens: when data overflows, pn_data_grow is invoked. It increases the data capacity 2 times and reallocates the nodes array. Data capacity is represented as a uint16_t type, so when capacity reaches 32768 items, the result of multiplication by 2 becomes 0. This makes realloc return null and crashes the program.
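The wraparound described in the report, next to a saturating and checked growth routine, as an added example. It is not Proton's code or the committed fix: `node_t`, `data_t`, the function names and the initial capacity of 16 are hypothetical stand-ins.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the structures named in the report. */
typedef struct { int payload; } node_t;

typedef struct {
    node_t  *nodes;
    uint16_t capacity;   /* 16-bit counter, as described in the report */
} data_t;

/* The arithmetic from the report: doubling in a uint16_t wraps 32768 -> 0. */
uint16_t next_capacity_wrapping(uint16_t cap)
{
    return (uint16_t)(2 * cap);
}

/* Saturating variant: double in a wider type and clamp to UINT16_MAX so the
 * upper half of the range stays usable. Returns 0 only when already full.
 * The starting capacity of 16 is an assumption made for this example. */
uint16_t next_capacity_saturating(uint16_t cap)
{
    if (cap == UINT16_MAX)
        return 0;
    uint32_t wide = cap ? 2u * (uint32_t)cap : 16u;
    return wide > UINT16_MAX ? UINT16_MAX : (uint16_t)wide;
}

/* Grow the node array. Returns 0 on success and -1 on failure; on failure
 * the existing array and capacity are left untouched, so the caller can
 * report an error instead of dereferencing a null pointer. */
int data_grow_checked(data_t *d)
{
    uint16_t cap = next_capacity_saturating(d->capacity);
    if (cap == 0)
        return -1;                      /* cannot grow any further */
    node_t *p = realloc(d->nodes, (size_t)cap * sizeof *p);
    if (p == NULL)
        return -1;                      /* old block is still valid */
    d->nodes = p;
    d->capacity = cap;
    return 0;
}
```
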