* generic/tclIO.c (GetInput): Fixed [SF #427196]. Memory was

	  overwritten because a buffer was used after a change of the
	  requested buffersize together with that requested buffersize and
	  not its actual size, which was smaller. Note that the continous
	  reuse of the smaller buffer negatively impacts performance. The
	  system never allocates a buffer with the newly requested bigger
	  buffersize.

2 files changed, 34 insertions, 11 deletions

diff --git a/ChangeLog b/ChangeLog
index 6bde3bf..3dd441f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2001-07-17  Andreas Kupries <andreas_kupries@users.sourceforge.net>
+
+	* generic/tclIO.c (GetInput): Fixed [SF #427196]. Memory was
+	  overwritten because a buffer was used after a change of the
+	  requested buffersize together with that requested buffersize and
+	  not its actual size, which was smaller. Note that the continous
+	  reuse of the smaller buffer negatively impacts performance. The
+	  system never allocates a buffer with the newly requested bigger
+	  buffersize.
+
 2001-07-16  Jeff Hobbs  <jeffh@ActiveState.com>
 
 	* win/tclWinPipe.c (PipeClose2Proc): constrained the mutex lock to
diff --git a/generic/tclIO.c b/generic/tclIO.c
index 5eb2b31..815e1a4 100644
--- a/generic/tclIO.c
+++ b/generic/tclIO.c
@@ -10,7 +10,7 @@
  * See the file "license.terms" for information on usage and redistribution
  * of this file, and for a DISCLAIMER OF ALL WARRANTIES.
  *
- * RCS: @(#) $Id: tclIO.c,v 1.20.2.6 2001/04/03 22:54:37 hobbs Exp $
+ * RCS: @(#) $Id: tclIO.c,v 1.20.2.7 2001/07/17 20:43:52 hobbs Exp $
  */
 
 #include "tclInt.h"
@@ -4707,24 +4707,37 @@ GetInput(chanPtr)
 
     bufPtr = statePtr->inQueueTail;
     if ((bufPtr != NULL) && (bufPtr->nextAdded < bufPtr->bufLength)) {
-        toRead = bufPtr->bufLength - bufPtr->nextAdded;
+	toRead = bufPtr->bufLength - bufPtr->nextAdded;
     } else {
 	bufPtr = statePtr->saveInBufPtr;
 	statePtr->saveInBufPtr = NULL;
 	if (bufPtr == NULL) {
 	    bufPtr = AllocChannelBuffer(statePtr->bufSize);
 	}
-        bufPtr->nextPtr = (ChannelBuffer *) NULL;
+	bufPtr->nextPtr = (ChannelBuffer *) NULL;
+
+	/* SF #427196: Use the actual size of the buffer to determine
+	 * the number of bytes to read from the channel and not the
+	 * size for new buffers. They can be different if the
+	 * buffersize was changed between reads.
+	 *
+	 * Note: This affects performance negatively if the buffersize
+	 * was extended but this small buffer is reused for all
+	 * subsequent reads. The system never uses buffers with the
+	 * requested bigger size in that case. An adjunct patch could
+	 * try and delete all unused buffers it encounters and which
+	 * are smaller than the formally requested buffersize.
+	 */
 
-        toRead = statePtr->bufSize;
-        if (statePtr->inQueueTail == NULL) {
-            statePtr->inQueueHead = bufPtr;
-        } else {
-            statePtr->inQueueTail->nextPtr = bufPtr;
-        }
-        statePtr->inQueueTail = bufPtr;
+	toRead = bufPtr->bufLength - bufPtr->nextAdded;
+	if (statePtr->inQueueTail == NULL) {
+	    statePtr->inQueueHead = bufPtr;
+	} else {
+	    statePtr->inQueueTail->nextPtr = bufPtr;
+	}
+	statePtr->inQueueTail = bufPtr;
     }
-      
+
     /*
      * If EOF is set, we should avoid calling the driver because on some
      * platforms it is impossible to read from a device after EOF.