PR4649553.diff   [plain text]


--- src/funcs.c.orig	2006-08-21 16:42:37.000000000 -0700
+++ src/funcs.c	2006-08-21 16:43:20.000000000 -0700
@@ -50,14 +50,14 @@
 
 	if ((len = vsnprintf(ms->o.ptr, ms->o.len, fmt, ap)) >= ms->o.len) {
 		va_end(ap);
-		if ((buf = realloc(ms->o.buf, len + 1024)) == NULL) {
+		if ((buf = realloc(ms->o.buf, ms->o.size + len + 1024)) == NULL) {
 			file_oomem(ms);
 			return -1;
 		}
 		ms->o.ptr = buf + (ms->o.ptr - ms->o.buf);
 		ms->o.buf = buf;
+		ms->o.size += len + 1024;
 		ms->o.len = ms->o.size - (ms->o.ptr - ms->o.buf);
-		ms->o.size = len + 1024;
 
 		va_start(ap, fmt);
 		len = vsnprintf(ms->o.ptr, ms->o.len, fmt, ap);