From 3e760ebabf082261fc54eb596a1fefc7bb4c5a43 Mon Sep 17 00:00:00 2001
From: Justin Maggard <jmaggard@netgear.com>
Date: Mon, 13 Jun 2011 18:28:57 +0000
Subject: [PATCH] * Fix possible crash bug after enlarging a SOAP response
 buffer.

---
 upnpsoap.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/upnpsoap.c b/upnpsoap.c
index 0eaef05..f3272be 100644
--- a/upnpsoap.c
+++ b/upnpsoap.c
@@ -634,7 +634,7 @@ callback(void *args, int argc, char **argv, char **azColName)
 		if( (str->size+DEFAULT_RESP_SIZE) <= MAX_RESPONSE_SIZE )
 		{
 #endif
-			str->data = realloc(str->data, (str->off+DEFAULT_RESP_SIZE));
+			str->data = realloc(str->data, (str->size+DEFAULT_RESP_SIZE));
 			if( str->data )
 			{
 				str->size += DEFAULT_RESP_SIZE;