curl-library
Bug in Curl_fillreadbuffer
Date: Sun, 8 Jun 2008 19:50:56 -0500
While tracking down this problem:
http://curl.haxx.se/mail/curlphp-2008-06/0021.html
I seem to have found a bug in Curl_fillreadbuffer.

CURLcode Curl_fillreadbuffer(struct connectdata *conn, int bytes, int *nreadp)
{
  struct SessionHandle *data = conn->data;
  size_t buffersize = (size_t)bytes;
  int nread;

  if(conn->bits.upload_chunky) {
    /* if chunked Transfer-Encoding */
    buffersize -= (8 + 2 + 2);   /* 32bit hex + CRLF + CRLF */
    data->req.upload_fromhere += 10; /* 32bit hex + CRLF */
  }

  /* this function returns a size_t, so we typecast to int to prevent warnings
     with picky compilers */
  nread = (int)conn->fread_func(data->req.upload_fromhere, 1,
                                buffersize, conn->fread_in);

  if(nread == CURL_READFUNC_ABORT) {
    failf(data, "operation aborted by callback");
    return CURLE_ABORTED_BY_CALLBACK;
  }
  else if(nread == CURL_READFUNC_PAUSE) {
    struct SingleRequest *k = &data->req;
    k->keepon |= KEEP_READ_PAUSE; /* mark reading as paused */
    return CURLE_OK; /* nothing was read */
  }
  else if((size_t)nread > buffersize)
    /* the read function returned a too large value */
    return CURLE_READ_ERROR;

If nread is -1, when cast to size_t, it's a very large number.
Respectfully,
Brock
Received on 2008-06-09
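
The int/size_t round trip the post points at, as an added example that is not part of the original message or of curl's source: it shows what -1 becomes after the cast and compares the quoted narrowing pattern with a version that stays in size_t. READ_ABORT, READ_PAUSE, the enum and all function names are stand-ins chosen for this sketch, and the inputs are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in sentinels for this example; not taken from curl's headers. */
#define READ_ABORT ((size_t)0x10000000)
#define READ_PAUSE ((size_t)0x10000001)

enum read_status { READ_OK, READ_ABORTED, READ_PAUSED, READ_TOO_LARGE };

/* What a negative int turns into when cast to size_t. */
size_t int_as_size_t(int v) { return (size_t)v; }

/* Pattern quoted in the post: narrow the callback's size_t result to int,
   then cast back to size_t for the bounds check. */
enum read_status classify_via_int(size_t ret, size_t buffersize)
{
  int nread = (int)ret;
  if(nread == (int)READ_ABORT)
    return READ_ABORTED;
  if(nread == (int)READ_PAUSE)
    return READ_PAUSED;
  if((size_t)nread > buffersize)
    return READ_TOO_LARGE;
  return READ_OK;
}

/* Alternative: keep every comparison in size_t, with no narrowing. */
enum read_status classify_size_t(size_t ret, size_t buffersize)
{
  if(ret == READ_ABORT)
    return READ_ABORTED;
  if(ret == READ_PAUSE)
    return READ_PAUSED;
  if(ret > buffersize)
    return READ_TOO_LARGE;
  return READ_OK;
}

int main(void)
{
  size_t wide = (size_t)-1;  /* constructed input: callback "returns -1" */
  printf("(size_t)-1 = %zu\n", int_as_size_t(-1));
  printf("via int: %d, size_t only: %d\n",
         classify_via_int(wide, 16384), classify_size_t(wide, 16384));
  return 0;
}
```

Where size_t is wider than int, a result such as 2^32 + 5 typically narrows to 5 (the conversion is implementation-defined), so it passes the first classifier's bounds check but not the second's.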