Hi, I found a bug in the file stream.c in the project axutil If (Line 178) AXIS2_FREE(env->allocator, stream->buffer_head); frees a stream which len == his max_len a heap corruption appears because in allocater.c (Line 120) the function axutil_allocator_free_impl frees a pointer with wrong size (1 byte to much).
This error could only happen if the length of the buffer is a multiple of 2048 because in the file stream.c in the function axutil_stream_write_basic (Line 306) if(new_len > stream->max_len) the string become only larger if the max_len is bigger than the len not if max_len == len. If this case happen at the end of the programm a heap corruption appears. The Solution would be if(new_len >= stream->max_len) instead of if(new_len > stream->max_len) Did someone knows this bug and exists a offical patch / fix for it? Best Regards ( and sorry for my terrible english) Marc Stipcevic
