Mark Wutzke points out that the comment in sk_proxy_set_frozen()

states that plug_receive() may recurse back into
sk_proxy_set_frozen() again. Therefore, bufchain_consume() should
have been called _before_ calling plug_receive(), to prevent an
infinite loop overflowing the stack. I can't immediately figure out
under what circumstances this might happen, but it seems an
obviously sensible precaution.

git-svn-id: svn://svn.tartarus.org/sgt/putty@3741 cda61777-01e9-0310-a592-d414129be87e

diff --git a/proxy.c b/proxy.c
index 169be0d..d970b2b 100644 (file)
--- a/proxy.c
+++ b/proxy.c
@@ -161,10 +161,14 @@ static void sk_proxy_set_frozen (Socket s, int is_frozen)
         */
         while (!ps->freeze && bufchain_size(&ps->pending_input_data) > 0) {
            void *data;
+           char databuf[512];
            int len;
            bufchain_prefix(&ps->pending_input_data, &data, &len);
-           plug_receive(ps->plug, 0, data, len);
+           if (len > lenof(databuf))
+               len = lenof(databuf);
+           memcpy(databuf, data, len);
            bufchain_consume(&ps->pending_input_data, len);
+           plug_receive(ps->plug, 0, databuf, len);
        }
 
        /* if we're still frozen, we'll have to wait for another