The memcpy below tried to copy too much data (it's capacity of the section * 2,
max is doubled few lines above). Let's copy only the used data.


Unrelated observation:

I wonder what ensureClSpace() function does at all. How can this check
be ever true:

   else if (sct->used >= max) {

'max' is basically sct->max, does that mean the sct->used contains already new
size of the section?

diff -up sblim-sfcb-1.3.16/objectImpl.c.invalid-read2 sblim-sfcb-1.3.16/objectImpl.c
--- sblim-sfcb-1.3.16/objectImpl.c.invalid-read2	2013-04-19 14:42:52.000000000 +0200
+++ sblim-sfcb-1.3.16/objectImpl.c	2013-04-19 14:43:23.039536156 +0200
@@ -168,7 +168,7 @@ static void *ensureClSpace(ClObjectHdr *
          void *f,*t;
          f=((char*)hdr)+sct->sectionOffset;
          t=malloc(max*size);
-         memcpy(t,f,max*size);
+         memcpy(t,f,sct->used*size);
          sct->max=max;
          setSectionPtr(sct, t);
       }