From 8eb445cfd3df7dcb6b83304bc1f918985965e1af Mon Sep 17 00:00:00 2001
From: Christopher Faylor <me@cgf.cx>
Date: Tue, 8 Nov 2005 23:25:55 +0000
Subject: [PATCH] * fhandler_base.cc (fhandler_base::readv): Free buf, not a
 pointer into the middle of buf.

---
 winsup/cygwin/ChangeLog   | 5 +++++
 winsup/cygwin/fhandler.cc | 7 ++++---
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/winsup/cygwin/ChangeLog b/winsup/cygwin/ChangeLog
index 30ca4015c..d51714b8d 100644
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@@ -1,3 +1,8 @@
+2005-11-08  Christopher Faylor  <cgf@timesys.com>
+
+	* fhandler_base.cc (fhandler_base::readv): Free buf, not a pointer into
+	the middle of buf.
+
 2005-11-08  Christopher Faylor  <cgf@timesys.com>
 
 	* memmem.cc: New file.
diff --git a/winsup/cygwin/fhandler.cc b/winsup/cygwin/fhandler.cc
index a8a27862a..6931cb6bc 100644
--- a/winsup/cygwin/fhandler.cc
+++ b/winsup/cygwin/fhandler.cc
@@ -969,7 +969,7 @@ fhandler_base::readv (const struct iovec *const iov, const int iovcnt,
   if (!len)
     return 0;
 
-  char *buf = (char *) malloc (tot);
+  char *buf = (char *) malloc (len);
 
   if (!buf)
     {
@@ -982,11 +982,12 @@ fhandler_base::readv (const struct iovec *const iov, const int iovcnt,
 
   const struct iovec *iovptr = iov;
 
+  char *p = buf;
   while (nbytes > 0)
     {
       const int frag = min (nbytes, (ssize_t) iovptr->iov_len);
-      memcpy (iovptr->iov_base, buf, frag);
-      buf += frag;
+      memcpy (iovptr->iov_base, p, frag);
+      p += frag;
       iovptr += 1;
       nbytes -= frag;
     }