On Jun 18, 2008, at 11:20, Tomash Brechko wrote:
Quick glance reveals another possible bug, at line 1529:
memcpy(ITEM_data(new_it) + res, "\r\n", 3);
There's no room for \0 character, it should be "\r\n", 2. Though this
shouldn't be part of the reported problem...
I'm pretty sure that's it, actually. I've not been able to fuzz another test that fails after that.
I'll commit that into my tree with you as the author. Thanks.
--
Dustin Sallings
