
amfast - issue #85

Reading dynamic objects from incomplete buffer enters infinite loop


Posted on Apr 19, 2012 by Swift Ox

Attempting to decode a dynamic object from an incomplete buffer enters an infinite loop in the C decoder.

See attached source for example.


Comment #1

Posted on Apr 19, 2012 by Swift Ox

Changing Decoder_readPyString in context.c to:

    static PyObject* Decoder_readPyString(DecoderObj *self, int len)
    {
        if (self->int_buf) {
            return Buffer_readPyString((BufferObj*)self->buf, len);
        }

        PyObject *tmp = self->_buf_str;
        PyObject *py_len = PyInt_FromLong((long)len);
        if (!py_len)
            return NULL;
        self->_buf_str = PyObject_CallMethodObjArgs(self->buf, self->read_name, py_len, NULL);
        Py_DECREF(py_len);  // Released here so the error returns below do not leak it.
        Py_XDECREF(tmp); // Decrement reference to OLD string.
        if (!self->_buf_str)
            return NULL;  // The read call failed; its exception is already set.

        int buf_len = PyString_Size(self->_buf_str);
        if (buf_len < len) {
            // Short read: the buffer ended before the requested length.
            char error_str[100];
            snprintf(error_str, sizeof(error_str), "Attempted to read %d bytes. Received %d", len, buf_len);
            PyErr_SetString(amfast_ContextError, error_str);
            return NULL;
        }

        char *buf_str = PyString_AsString(self->_buf_str); // Result is not used.

        return self->_buf_str;
    }

May fix the issue. I'm not familiar enough with the code to know about any side-effects this may cause.

Comment #2

Posted on Apr 21, 2012 by Happy Dog

Thanks for the code submission.

What is the purpose of the following line?

char *buf_str = PyString_AsString(self->_buf_str);

Comment #3

Posted on Apr 21, 2012 by Helpful Hippo

Hi,

That line is probably an error; I'm not the most proficient C coder.

Comment #4

Posted on Apr 22, 2012 by Happy Dog

I made a couple of changes to your code and pushed the change to trunk.

Status: Fixed

Labels:
Type-Defect Priority-Medium Component-Remoting
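
The short-read check proposed in comment #1, shown without the Python C API as an added example (not amfast code and not part of the original thread): a reader that treats "fewer bytes than requested" as an error, so a loop that decodes entries until a terminator stops on a truncated buffer. The one-byte length prefix, the zero-length terminator, and every name here are constructed for illustration and are not AMF's wire format.

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for a decoder input buffer (not amfast's BufferObj). */
typedef struct { const unsigned char *data; size_t len, pos; } reader_t;

enum { RD_SHORT = -1 };  /* hypothetical error code for an incomplete buffer */

/* Constructed sample: two names ("id", "name") followed by the terminator. */
const unsigned char SAMPLE[] = { 2, 'i', 'd', 4, 'n', 'a', 'm', 'e', 0 };

/* Copy exactly n bytes or fail: a short read is an error, never a partial success. */
static int read_exact(reader_t *r, unsigned char *out, size_t n)
{
    if (n > r->len - r->pos)   /* pos never exceeds len, so this cannot wrap */
        return RD_SHORT;
    memcpy(out, r->data + r->pos, n);
    r->pos += n;
    return 0;
}

/*
 * Decode a list of names: each is a 1-byte length followed by that many
 * bytes, and a zero length ends the list. Returns the number of names
 * decoded, or RD_SHORT if the buffer ends before the terminator.
 */
static int decode_names(reader_t *r)
{
    int count = 0;
    for (;;) {
        unsigned char n, name[255];
        if (read_exact(r, &n, 1) != 0)
            return RD_SHORT;   /* buffer ended before the terminator */
        if (n == 0)
            return count;      /* explicit end-of-list marker */
        if (read_exact(r, name, n) != 0)
            return RD_SHORT;   /* length prefix promised more than is left */
        count++;
    }
}

/* Entry point: decode the first len bytes of data. */
int decode_buffer(const unsigned char *data, size_t len)
{
    reader_t r = { data, len, 0 };
    return decode_names(&r);
}
```

Every exit from the loop is either the terminator or a failed read, so the loop cannot continue past the end of the input.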