diff -r a55491f66003 -r 5234c57b8759 src/server/util/io.c
--- a/src/server/util/io.c	Sat May 07 12:54:19 2022 +0200
+++ b/src/server/util/io.c	Sat May 07 14:08:46 2022 +0200
@@ -271,8 +271,6 @@
     http->buflen = *cursize; // TODO: store buflen as pointer
     http->bufpos = pos;
     http->chunk_buf_pos = 0;
-    http->remaining_len = 0;
-    http->remaining_pos = 0;
     return 0;
 }
 
@@ -364,36 +362,6 @@
     //memset(buf, 'x', nbytes);
     //char *orig_buf = buf;
     
-    // remaining bytes from the chunkbuf
-    /*
-    if(st->remaining_len > 0) {
-        size_t cplen = st->remaining_len > nbytes ? nbytes : st->remaining_len;
-        WSBool ret = FALSE;
-        if(read_data) {
-            // if we read data (and not a chunk header), we limit the
-            // amount of bytes we copy
-            size_t chunk_available = st->max_read - st->read;
-            if(cplen > chunk_available) {
-                cplen = chunk_available;
-                ret = TRUE;
-            }
-            st->read += cplen;
-        }
-        memcpy(buf, &st->remaining_buf[st->remaining_pos], cplen);
-        st->remaining_pos += cplen;
-        st->remaining_len -= cplen;
-        buf += cplen;
-        nbytes -= cplen;
-        r += cplen;
-        if(st->remaining_len == 0) {
-            st->remaining_pos = 0;
-        }
-        if(ret) {
-            return r;
-        }
-    }
-    */
-    
     // copy available data from st->readbuf to buf
     int pos = *st->bufpos;
     size_t buf_available = st->buflen - pos;
@@ -413,6 +381,13 @@
         nbytes -= cplen;
     }
     
+    // maybe perform IO and refill the read buffer
+    // if we read data (read_data == true), make sure not to perform IO,
+    // when a chunk is completed
+    //
+    // if we read a chunk header (read_data == false) it is very important
+    // to not perform IO, if we have previously copied data from readbuf
+    // this ensures we never override non-chunk-header data
     if(*perform_io && ((read_data && nbytes > 0 && st->max_read - st->read) || (!read_data && r == 0))) {
         if(st->buflen - *st->bufpos > 0) {
             printf("todo: fix, should not happen, remove later\n");
@@ -570,13 +545,11 @@
             } else if(ret > 0) {
                 st->max_read = chunklen;
                 st->read = 0;
-                st->remaining_len = chunkbuf_len - ret;
-                if(st->remaining_len > 0) {
-                    //memcpy(st->remaining_buf, st->chunk_buf, HTTP_STREAM_CBUF_SIZE);
-                    *st->bufpos -= st->remaining_len;
-                    //st->remaining_pos = ret;
-                } else {
-                    st->remaining_pos = 0;
+                int remaining_len = chunkbuf_len - ret;
+                if(remaining_len > 0) {
+                    // we have read more into chunk_buf than the chunk_header
+                    // it is save to just move bufpos back
+                    *st->bufpos -= remaining_len;
                 }
                 //st->remaining_len = chunkbuf_len - ret;
                 st->chunk_buf_pos = 0;