
curl-library

Re: curl_easy_pause bugs

From: Dan Fandrich <dan_at_coneharvesters.com>
Date: Wed, 3 Sep 2008 15:00:18 -0700

On Wed, Sep 03, 2008 at 11:13:11PM +0200, Daniel Stenberg wrote:
> The chunklen is the amount of data the client has received (or at most 16K
> per lap in that code), so it's actually not _directly_ controllable by the
> server as it'll depend a lot on the network conditions etc as well.
>
> But of course we should fix that code when we correct the return code
> check to avoid all those possible problems! See attachment for my
> suggested fix.

Something like this patch is also needed to ensure that data->state.tempwrite
is cleared to NULL on an OOM condition and isn't accidentally double freed
by Curl_done:

--- lib/easy.c 31 Aug 2008 12:12:35 -0000 1.123
+++ lib/easy.c 3 Sep 2008 21:54:17 -0000
@@ -864,12 +864,12 @@
         /* note that tempsize is still the size as before the callback was
            used, and thus the whole piece of data to keep */
         newptr = malloc(tempsize);
+ data->state.tempwrite = newptr; /* store new pointer */
         if(!newptr) {
           result = CURLE_OUT_OF_MEMORY;
           /* tempwrite will be freed further down */
           break;
         }
- data->state.tempwrite = newptr; /* store new pointer */
         memcpy(newptr, tempwrite, tempsize);
         data->state.tempwritesize = tempsize; /* store new size */
         /* tempwrite will be freed further down */

But this whole block should probably be rewritten to use realloc().

>>> Dan

-- 
http://www.MoveAnnouncer.com              The web change of address service
          Let webmasters know that your web site has moved
Received on 2008-09-04
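
The ownership problem described in the message above, as an added example that is not part of the original mail and is not curl's code: a simplified model in which a failed allocation leaves the handle pointing at a buffer that is freed once at the end of the block and again by later cleanup. The names `struct state`, `restash`, `done`, `oom_double_frees` and the small tracking allocator are hypothetical, constructed so the second free is counted instead of corrupting a real heap.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical model of the two handle fields named in the patch. */
struct state { char *tempwrite; size_t tempwritesize; };

/* Constructed tracking allocator: a second free of a block is counted. */
static char arena[4][64];
static int in_use[4], fail_next, double_frees;

static void *xmalloc(size_t n)
{
  int i;
  if(fail_next || n > sizeof arena[0]) { fail_next = 0; return NULL; }
  for(i = 0; i < 4; i++)
    if(!in_use[i]) { in_use[i] = 1; return arena[i]; }
  return NULL;
}

static void xfree(void *p)
{
  int i;
  for(i = 0; p && i < 4; i++)
    if(p == (void *)arena[i]) {
      if(in_use[i]) in_use[i] = 0; else double_frees++;
    }
}

/* Same shape as the hunk: copy the stashed data into a new buffer, then
   free the old one. 'patched' selects where the handle pointer is stored. */
static int restash(struct state *s, int patched)
{
  char *tempwrite = s->tempwrite, *newptr = xmalloc(s->tempwritesize);
  if(patched)
    s->tempwrite = newptr;          /* NULL on OOM: no stale alias left */
  if(newptr) {
    s->tempwrite = newptr;
    memcpy(newptr, tempwrite, s->tempwritesize);
  }
  xfree(tempwrite);                 /* "tempwrite will be freed further down" */
  return newptr ? 0 : -1;           /* -1 stands in for CURLE_OUT_OF_MEMORY */
}

/* Stand-in for the later cleanup that frees whatever the handle points at. */
static void done(struct state *s) { xfree(s->tempwrite); s->tempwrite = NULL; }

/* Runs one OOM scenario and returns how many double frees were recorded. */
static int oom_double_frees(int patched)
{
  struct state s;
  memset(in_use, 0, sizeof in_use); double_frees = 0;
  s.tempwritesize = 5; s.tempwrite = xmalloc(5);
  memcpy(s.tempwrite, "data", 5);
  fail_next = 1;                    /* force the allocation in restash to fail */
  restash(&s, patched);
  done(&s);
  return double_frees;
}
```

With the assignment after the NULL check the model records one double free on the out-of-memory path; with the assignment moved before the check it records none.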