Greetings, I have observed that the pn_data_grow() function loses half of the available data capacity. The following happens: when data overflows, pn_data_grow is invoked. It increases the data capacity 2 times and reallocates the nodes array. Data capacity is represented as a uint16_t, so when capacity reaches 32768 items, the result of the multiplication by 2 becomes 0. This makes realloc return null and crashes the program.
To alleviate the problem with large messages I changed the function as follows:

--- qpid-proton-0.9/proton-c/src/codec/codec.c 2015-03-31 12:07:22.000000000 +0300 +++ qpid-proton-0.9.fix/proton-c/src/codec/codec.c 2015-05-26 21:18:55.801632941 +0300 @@ -417,8 +417,21 @@ void pn_data_clear(pn_data_t *data) int pn_data_grow(pn_data_t *data) { - data->capacity = 2*(data->capacity ? data->capacity : 2); - data->nodes = (pni_node_t *) realloc(data->nodes, data->capacity * sizeof(pni_node_t)); + size_t s = data->capacity; + + if (s < 0x7fff) + s = 2 * (s? s : 2); + else if (s < 0xffff - 1024) + s += 1024; + else if (s != 0xffff) + s = 0xffff; + else { + pn_logf("Data node %p overflow", data); + abort(); + } + + data->nodes = (pni_node_t *) realloc(data->nodes, s * sizeof(pni_node_t)); + data->capacity = s; return 0;

This allows using capacities in the 0x8000 ... 0xffff range and is supposed to report data overflow.

Best regards,
--
Mikhail Iwanow
E-mail: iv...@logit-ag.de
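Review bot: the realloc() result is still unchecked in the new body. `data->nodes = (pni_node_t *) realloc(data->nodes, s * sizeof(pni_node_t));` overwrites the old pointer, so on failure the existing nodes array leaks, `data->capacity = s;` records a capacity the buffer does not have, and the function still returns 0; suggest assigning to a temporary, returning a non-zero error when it is NULL (the function already returns int), and only then updating `data->nodes` and `data->capacity`. The `abort()` in the final branch has the same shape of problem from the caller's side: one message large enough to exhaust the 16-bit capacity terminates the whole process, so an oversized input becomes a denial of service for everything sharing that process. Returning an error there as well, after the `pn_logf` call, lets the caller reject the message instead.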
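The 16-bit wrap described in the report, next to a growth routine that saturates at the 16-bit limit and checks realloc before replacing the array, as an added C example for illustration (not proton's code; node_t, data_t, naive_next_capacity, safe_grow and grow_until_refused are stand-ins):

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical stand-ins for proton's node array; not pni_node_t/pn_data_t. */
typedef struct { uint32_t type; uint32_t next; } node_t;
typedef struct {
    node_t  *nodes;
    uint16_t capacity;   /* same 16-bit width the report describes */
} data_t;

/* The wrap from the report: 2*capacity is computed as int (65536 for 32768),
 * but storing it back into a uint16_t keeps only the low 16 bits, i.e. 0. */
uint16_t naive_next_capacity(uint16_t capacity) {
    return (uint16_t)(2 * (capacity ? capacity : 2));
}

/* Hardened growth: double while the result fits in 16 bits, take one last
 * step to UINT16_MAX, then refuse further growth. The old array is only
 * replaced once realloc has succeeded. Returns 0 on success, -1 on failure. */
int safe_grow(data_t *data) {
    size_t cap = data->capacity, next;
    if (cap == 0)
        next = 4;                    /* same first step as the original code */
    else if (cap <= UINT16_MAX / 2)
        next = cap * 2;
    else if (cap < UINT16_MAX)
        next = UINT16_MAX;           /* saturate instead of wrapping to 0 */
    else
        return -1;                   /* full: report to the caller, do not abort */

    node_t *tmp = realloc(data->nodes, next * sizeof *tmp);
    if (tmp == NULL)
        return -1;                   /* data->nodes is still valid and owned */
    data->nodes = tmp;
    data->capacity = (uint16_t)next;
    return 0;
}

/* Grow an empty data_t until safe_grow refuses; returns the final capacity. */
uint16_t grow_until_refused(void) {
    data_t d = { NULL, 0 };
    while (safe_grow(&d) == 0)
        ;
    uint16_t cap = d.capacity;
    free(d.nodes);
    return cap;
}
```

naive_next_capacity(32768) yields 0, the value that made realloc fail in the report, while safe_grow walks 4, 8, ..., 32768, 65535 and then returns -1 with the array intact.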