From 3552ac1eb3af86fcc0b6d8015b4ba9c72ed0f54a Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Wed, 14 Jan 2009 19:39:17 +0000
Subject: [PATCH] Do not allow chain length to expand indefinitely.

svn:r1007
---
 buffer.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/buffer.c b/buffer.c
index 3f638358..8f751a42 100644
--- a/buffer.c
+++ b/buffer.c
@@ -640,6 +640,8 @@ evbuffer_readln(struct evbuffer *buffer, size_t *n_read_out,
 	return (line);
 }
 
+#define EVBUFFER_CHAIN_MAX_AUTO_SIZE 4096
+
 /* Adds data to an event buffer */
 
 int
@@ -680,8 +682,9 @@ evbuffer_add(struct evbuffer *buf, const void *data_in, size_t datlen)
 	}
 
 	/* we need to add another chain */
-	/* XXX Does this double the length of every successive chain? */
-	to_alloc = chain->buffer_len << 1;
+	to_alloc = chain->buffer_len;
+	if (to_alloc <= EVBUFFER_CHAIN_MAX_AUTO_SIZE/2)
+		to_alloc <<= 1;
 	if (datlen > to_alloc)
 		to_alloc = datlen;
 	chain->next = evbuffer_chain_new(to_alloc);
-- 
2.40.0