From 372e355a73021115ed0644c661f691cc7c7e2796 Mon Sep 17 00:00:00 2001
From: Laurence Withers
Date: Tue, 9 Jan 2007 14:02:09 +0000
Subject: [PATCH] Fix some memory corruption bugs in the dynamic list resizing code.
---
 src/libCStreamedXML/buffer.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/libCStreamedXML/buffer.c b/src/libCStreamedXML/buffer.c
index 10cab8a..64ab0be 100644
--- a/src/libCStreamedXML/buffer.c
+++ b/src/libCStreamedXML/buffer.c
@@ -55,14 +55,15 @@ static int do_realloc2(struct csxml* ctx, struct csxml_list* list)
 {
 size_t i, newlen = list->size ? (list->size << 1) : 4;
 struct csxml_buf* n = realloc(list->data, newlen * sizeof(struct csxml_buf));
+
 if(!n) {
 ctx->outOfMemory(ctx, newlen * sizeof(struct csxml_buf));
 return -1;
 }
- memset(n + list->size * sizeof(struct csxml_buf), 0, newlen * sizeof(struct csxml_buf));
- for(i = 0; i < newlen; ++i) {
- if(buffer_init(ctx, n + list->size + i)) return -1;
+ memset(n + list->size, 0, (newlen - list->size) * sizeof(struct csxml_buf));
+ for(i = list->size; i < newlen; ++i) {
+ if(buffer_init(ctx, n + i)) return -1;
 }
 list->size = newlen;
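Review bot: The early `return -1` inside the `buffer_init` loop runs after `realloc` has succeeded but, as far as the hunk shows, before `list->data` is updated, so if `realloc` moved the block the list is left pointing at freed memory and any later access or free of `list->data` becomes a use-after-free or double free. Storing the new pointer right after the NULL check, `list->data = n;`, keeps the list valid on that path while `list->size` still describes only the initialised entries. The size arithmetic is also unchecked: `list->size << 1` and `newlen * sizeof(struct csxml_buf)` can wrap for a very large list, which would make the allocation smaller than the region the `memset` and the loop then write, so a guard such as `if(newlen > SIZE_MAX / sizeof(struct csxml_buf))` before the `realloc` is worth adding. The function continues past the end of the hunk, so an assignment to `list->data` may exist below `list->size = newlen;`, but it would still come after the early return.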