defensive fix for improper usage of buf.New().

app/proxyman/mux/reader.go

@@ -17,7 +17,7 @@ func ReadMetadata(reader io.Reader) (*FrameMetadata, error) {
 		return nil, newError("invalid metalen ", metaLen).AtError()
 	}
 
-	b := buf.New()
+	b := buf.NewSize(uint32(metaLen))
 	defer b.Release()
 
 	if err := b.Reset(buf.ReadFullFrom(reader, int(metaLen))); err != nil {

proxy/http/server.go

@@ -173,7 +173,7 @@ func (s *Server) handleConnect(ctx context.Context, request *http.Request, reade
 	}
 
 	if reader.Buffered() > 0 {
-		payload := buf.New()
+		payload := buf.NewSize(uint32(reader.Buffered()))
 		common.Must(payload.Reset(func(b []byte) (int, error) {
 			return reader.Read(b[:reader.Buffered()])
 		}))