Index: contrib/mod_sftp/fxp.c
===================================================================
RCS file: /cvsroot/proftp/proftpd/contrib/mod_sftp/fxp.c,v
retrieving revision 1.139
diff -u -r1.139 fxp.c
--- contrib/mod_sftp/fxp.c	15 Feb 2012 22:10:56 -0000	1.139
+++ contrib/mod_sftp/fxp.c	15 Feb 2012 22:30:19 -0000
@@ -2511,7 +2511,18 @@
       fxp_packet_data_allocsz += sz;
     }
 
-    memcpy(curr_buf, data, datalen);
+    /* We explicitly want to use memmove(3) here rather than memcpy(3),
+     * since it is possible (and likely) that after reading data out
+     * of this buffer, there will be leftover data which is put back into
+     * the buffer, only at a different offset.  This means that the
+     * source and destination pointers CAN overlap; using memcpy(3) would
+     * lead to subtle memory copy issue (e.g. Bug#3743).
+     *
+     * This manifested as hard-to-reproduce SFTP upload/download stalls,
+     * segfaults, etc, due to corrupted memory being read out as
+     * packet lengths and such.
+     */
+    memmove(curr_buf, data, datalen);
     curr_buflen = datalen;
 
     return;
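Review bot: The switch to memmove(3) makes an overlapping copy well-defined, but neither hunk shows a check that the copy fits in the destination: the second hunk's `memmove(curr_buf + curr_buflen, data, datalen);` relies on `curr_buflen + datalen` staying within the buffer's allocation, and whatever growth logic guarantees that is above the hunk, so I can only infer it is there. Since the reported symptom (Bug#3743) was corrupted memory read back as packet lengths, a cheap guard at both copy sites would catch a regression in that bookkeeping, e.g. before the first copy `if (datalen > fxp_packet_data_allocsz) { /* log and drop the packet */ }` and the corresponding `curr_buflen + datalen` form at the second site (the size variable checked there is not visible in this hunk, so confirm the name). The 11-line rationale is repeated verbatim in both hunks; keep it once at the first site and reduce the second to `/* memmove(3), not memcpy(3): source and destination may overlap; see the comment at the first copy above. */`. Both enclosing functions start and end outside the hunks.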
@@ -2556,8 +2567,18 @@
       }
     }
 
-    /* Append the SSH2 data to the current unconsumed buffer. */
-    memcpy(curr_buf + curr_buflen, data, datalen);
+    /* We explicitly want to use memmove(3) here rather than memcpy(3),
+     * since it is possible (and likely) that after reading data out
+     * of this buffer, there will be leftover data which is put back into
+     * the buffer, only at a different offset.  This means that the
+     * source and destination pointers CAN overlap; using memcpy(3) would
+     * lead to subtle memory copy issue (e.g. Bug#3743).
+     *
+     * This manifested as hard-to-reproduce SFTP upload/download stalls,
+     * segfaults, etc, due to corrupted memory being read out as
+     * packet lengths and such.
+     */
+    memmove(curr_buf + curr_buflen, data, datalen);
     curr_buflen += datalen;
   }