Bug #2742
closed
Assert wrongly triggered in buffer_copy_string_hex()
Description
Upon updating from 1.4.39 to 1.4.40 I ran into a new bug: You have added a new force_assert() in 1.4.40, which I believe gets incorrectly triggered and exits lighttpd:
https://github.com/lighttpd/lighttpd1.4/blob/master/src/buffer.c#L475
The problem is not the assert itself but how the li_tohex() function is called from buffer_copy_string_hex() here:
https://github.com/lighttpd/lighttpd1.4/blob/master/src/buffer.c#L489
I think use of buffer_string_space() to compute the second argument is wrong. The buffer_string_space() function returns the still unused but already allocated memory of the buffer. But in the previous line 488 buffer_string_set_length() was used to "reserve" the space we need in the destination buffer already and the "reserved" space is marked as used. Therefore, the subsequent call to buffer_string_space() basically returns just the number of bytes allocated beyond the reserved space that's needed (so it actually returns just the amount of padding for the alignment). And this almost always will be less than 2*in_len and so trigger the assert in l.475.
I think buffer_string_length() should be used instead of the buffer_string_space() in l.489. This fixes the problem for me.
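The accounting described in this report, as an added example that is not lighttpd's code or the reporter's: a simplified buffer model in which reserving the output first leaves only alignment padding as "space". The `model_*` names, the 64-byte allocation granularity and the exact form of the capacity check are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model of the buffer described in the report; names are hypothetical. */
typedef struct { char *ptr; size_t used; size_t size; } model_buf; /* used includes the NUL */
#define MODEL_ALIGN 64 /* assumed allocation granularity */

static size_t model_space(const model_buf *b)  { return b->size - b->used; }
static size_t model_length(const model_buf *b) { return b->used ? b->used - 1 : 0; }

/* Reserve len bytes plus NUL and mark them as used. */
static void model_set_length(model_buf *b, size_t len) {
    size_t need = len + 1;
    if (need > b->size) {
        b->size = (need + MODEL_ALIGN - 1) / MODEL_ALIGN * MODEL_ALIGN;
        b->ptr = realloc(b->ptr, b->size);
        if (!b->ptr) abort();
    }
    b->used = need;
    b->ptr[len] = '\0';
}

/* Hex encoder; returns -1 where a capacity assert would abort the process. */
static int model_tohex(char *out, size_t out_len, const unsigned char *s, size_t s_len) {
    static const char hex[] = "0123456789abcdef";
    if (2 * s_len > out_len) return -1; /* assumed form of the check */
    for (size_t i = 0; i < s_len; i++) {
        out[2 * i] = hex[s[i] >> 4];
        out[2 * i + 1] = hex[s[i] & 0x0f];
    }
    return 0;
}

/* use_length 0: pass remaining space (reported call); 1: pass reserved length (reporter's fix). */
static int model_copy_hex(model_buf *b, const void *in, size_t in_len, int use_length) {
    model_set_length(b, 2 * in_len);
    size_t cap = use_length ? model_length(b) : model_space(b);
    return model_tohex(b->ptr, cap, in, in_len);
}

int main(void) {
    unsigned char in[16]; /* constructed sample input */
    memset(in, 0xab, sizeof in);
    model_buf a = {0}, c = {0};
    printf("space:  %d\n", model_copy_hex(&a, in, sizeof in, 0));
    printf("length: %d\n", model_copy_hex(&c, in, sizeof in, 1));
    printf("hex: %s\n", c.ptr);
    free(a.ptr); free(c.ptr);
}
```

In this model a 16-byte input fails the check in the space variant, while a 1-byte input passes because the alignment padding happens to cover it.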
Updated by gstrauss over 8 years ago
- Status changed from New to Patch Pending
You're correct. Thanks, Isibaar.
Updated by gstrauss over 8 years ago
- Status changed from Patch Pending to Fixed
- % Done changed from 0 to 100
Applied in changeset ebf3af8b1278e3cd929467d66d48ed27f6e5302c.