From 31def229842f7e3e2ccce640f0a27f5ccefb5565 Mon Sep 17 00:00:00 2001
From: Philip Gladstone <philipjsg@users.sourceforge.net>
Date: Thu, 30 May 2002 20:37:51 +0000
Subject: [PATCH] * Bad buffer management bug. Forgot to take care of the case 
  where doubling the size of the buffer is not enough.

Originally committed as revision 633 to svn://svn.ffmpeg.org/ffmpeg/trunk
---
 ffserver.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/ffserver.c b/ffserver.c
index 45250c6303..86e21d051d 100644
--- a/ffserver.c
+++ b/ffserver.c
@@ -1317,13 +1317,21 @@ static void http_write_packet(void *opaque,
         c->buffer_ptr = c->buffer_end = c->buffer;
 
     if (c->buffer_end - c->buffer + size > c->buffer_size) {
-        UINT8 *new_buffer = av_malloc(c->buffer_size * 2);
+        int new_buffer_size = c->buffer_size * 2;
+        UINT8 *new_buffer;
+
+        if (new_buffer_size <= c->buffer_end - c->buffer + size) {
+            new_buffer_size = c->buffer_end - c->buffer + size + c->buffer_size;
+        }
+
+        new_buffer = av_malloc(new_buffer_size);
         if (new_buffer) {
             memcpy(new_buffer, c->buffer, c->buffer_end - c->buffer);
             c->buffer_end += (new_buffer - c->buffer);
             c->buffer_ptr += (new_buffer - c->buffer);
             av_free(c->buffer);
             c->buffer = new_buffer;
+            c->buffer_size = new_buffer_size;
         } else {
             av_abort();
         }