Fix buffer overrun after incomplete read in pullf_read_max().

Noah Misch <noah@leadboat.com>

Commit: 6994f07907b90ff03f661ca00e0341a9078fa843
Author: Noah Misch <noah@leadboat.com>
Date: 2015-02-02T15:00:50Z
Releases: 9.3.6
Fix buffer overrun after incomplete read in pullf_read_max().

Most callers pass a stack buffer.  The ensuing stack smash can crash the
server, and we have not ruled out the viability of attacks that lead to
privilege escalation.  Back-patch to 9.0 (all supported versions).

Marko Tiikkaja

Security: CVE-2015-0243

Files