Buffer overflow, every time
glasser opened this issue · 1 comment
glasser commented
I recognize that it wouldn't be C without a buffer overflow or two. That said:
```c
/* buffer holds exactly numbytes bytes, so that is all that is allocated here */
send_buffer = (char*)calloc(numbytes, sizeof(char));
/* the header is written into the same buffer, consuming hdrbytes of it */
hdrbytes = sprintf(send_buffer, "HTTP/1.1 200 k\nContent-Length: %d\ncontent-encoding: deflate\n\n", numbytes);
/* numbytes more bytes are then copied in after the header: hdrbytes past the end */
memcpy(send_buffer+hdrbytes, buffer, numbytes);
```
`send_buffer` has size `numbytes`. You then copy `numbytes` worth of data onto a place starting after the beginning of `send_buffer`. Looks like a buffer overflow to me! Simplest fix is to have an intermediate buffer for the header, and only allocate `send_buffer` once we know how big it needs to be.
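The fix suggested in this comment, written out as an added example that is not code from this project or from the reporter: the header is rendered into a bounded intermediate buffer first, so `send_buffer` can be allocated for header plus body before anything is copied. The function name `build_response` and the standard `200 OK`/CRLF header text are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Build an HTTP response for a compressed body of numbytes bytes.
 * Returns a malloc'd buffer of *out_len bytes, or NULL on failure.
 * (Hypothetical name; illustrates the fix, not the project's API.) */
char *build_response(const unsigned char *body, size_t numbytes, size_t *out_len)
{
    char header[128]; /* intermediate buffer; snprintf never writes past it */
    int hdrbytes = snprintf(header, sizeof header,
        "HTTP/1.1 200 OK\r\nContent-Length: %zu\r\nContent-Encoding: deflate\r\n\r\n",
        numbytes);
    if (hdrbytes < 0 || (size_t)hdrbytes >= sizeof header)
        return NULL; /* encoding error or truncated header: do not send it */

    /* The header length is now known, so size the output for header + body.
     * Check the addition first so a huge numbytes cannot wrap to a tiny alloc. */
    if (numbytes > SIZE_MAX - (size_t)hdrbytes)
        return NULL;
    size_t total = (size_t)hdrbytes + numbytes;

    char *send_buffer = malloc(total);
    if (send_buffer == NULL)
        return NULL;
    memcpy(send_buffer, header, (size_t)hdrbytes);
    memcpy(send_buffer + hdrbytes, body, numbytes); /* ends exactly at total */
    *out_len = total;
    return send_buffer;
}

int main(void)
{
    const unsigned char body[] = "hello"; /* constructed 5-byte "deflate" body */
    size_t len = 0;
    char *resp = build_response(body, 5, &len);
    if (resp == NULL)
        return 1;
    fwrite(resp, 1, len, stdout); /* header followed by the 5 body bytes */
    free(resp);
    return 0;
}
```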
diracdeltas commented
also reported on twitters