diff --git a/app/proxyman/mux/reader.go b/app/proxyman/mux/reader.go
index 641f074cb..4c5432972 100644
--- a/app/proxyman/mux/reader.go
+++ b/app/proxyman/mux/reader.go
@@ -17,7 +17,7 @@ func ReadMetadata(reader io.Reader) (*FrameMetadata, error) {
 		return nil, newError("invalid metalen ", metaLen).AtError()
 	}
 
-	b := buf.NewSize(uint32(metaLen))
+	b := buf.NewSize(int32(metaLen))
 	defer b.Release()
 
 	if err := b.Reset(buf.ReadFullFrom(reader, int32(metaLen))); err != nil {
@@ -51,7 +51,7 @@ func (r *PacketReader) ReadMultiBuffer() (buf.MultiBuffer, error) {
 		return nil, err
 	}
 
-	b := buf.NewSize(uint32(size))
+	b := buf.NewSize(int32(size))
 	if err := b.Reset(buf.ReadFullFrom(r.reader, int32(size))); err != nil {
 		b.Release()
 		return nil, err
diff --git a/common/buf/buffer.go b/common/buf/buffer.go
index 340cdf76e..01a4f0ebd 100644
--- a/common/buf/buffer.go
+++ b/common/buf/buffer.go
@@ -179,9 +179,9 @@ func New() *Buffer {
 	}
 }
 
-// NewSize creates and returns a buffer with 0 length and at least the given capacity.
-func NewSize(size uint32) *Buffer {
+// NewSize creates and returns a buffer with 0 length and at least the given capacity. Capacity must be positive.
+func NewSize(capacity int32) *Buffer {
 	return &Buffer{
-		v: newBytes(size),
+		v: newBytes(capacity),
 	}
 }
diff --git a/common/buf/buffer_pool.go b/common/buf/buffer_pool.go
index 59a4fb891..e73881332 100644
--- a/common/buf/buffer_pool.go
+++ b/common/buf/buffer_pool.go
@@ -9,7 +9,7 @@ const (
 	Size = 2 * 1024
 )
 
-func createAllocFunc(size uint32) func() interface{} {
+func createAllocFunc(size int32) func() interface{} {
 	return func() interface{} {
 		return make([]byte, size)
 	}
@@ -26,12 +26,12 @@ const (
 
 var (
 	pool      [numPools]sync.Pool
-	poolSize  [numPools]uint32
-	largeSize uint32
+	poolSize  [numPools]int32
+	largeSize int32
 )
 
 func init() {
-	size := uint32(Size)
+	size := int32(Size)
 	for i := 0; i < numPools; i++ {
 		pool[i] = sync.Pool{
 			New: createAllocFunc(size),
@@ -42,7 +42,7 @@ func init() {
 	}
 }
 
-func newBytes(size uint32) []byte {
+func newBytes(size int32) []byte {
 	for idx, ps := range poolSize {
 		if size <= ps {
 			return pool[idx].Get().([]byte)
@@ -52,7 +52,7 @@ func newBytes(size uint32) []byte {
 }
 
 func freeBytes(b []byte) {
-	size := uint32(cap(b))
+	size := int32(cap(b))
 	b = b[0:cap(b)]
 	for i := numPools - 1; i >= 0; i-- {
 		if size >= poolSize[i] {
diff --git a/common/buf/multi_buffer.go b/common/buf/multi_buffer.go
index 60b7ce8e9..b4e6d4cf7 100644
--- a/common/buf/multi_buffer.go
+++ b/common/buf/multi_buffer.go
@@ -39,7 +39,7 @@ func ReadSizeToMultiBuffer(reader io.Reader, size int32) (MultiBuffer, error) {
 		if bSize > Size {
 			bSize = Size
 		}
-		b := NewSize(uint32(bSize))
+		b := NewSize(bSize)
 		if err := b.Reset(ReadFullFrom(reader, bSize)); err != nil {
 			mb.Release()
 			return nil, err
@@ -189,7 +189,7 @@ func (mb *MultiBuffer) SliceBySize(size int32) MultiBuffer {
 	}
 	*mb = (*mb)[endIndex:]
 	if endIndex == 0 && len(*mb) > 0 {
-		b := NewSize(uint32(size))
+		b := NewSize(size)
 		common.Must(b.Reset(ReadFullFrom((*mb)[0], size)))
 		return NewMultiBufferValue(b)
 	}
diff --git a/common/buf/reader.go b/common/buf/reader.go
index df7af923d..d652e86a8 100644
--- a/common/buf/reader.go
+++ b/common/buf/reader.go
@@ -55,7 +55,7 @@ func (r *BytesToBufferReader) ReadMultiBuffer() (MultiBuffer, error) {
 		mb.Write(r.buffer[:nBytes])
 		if nBytes == len(r.buffer) && nBytes < int(largeSize) {
 			freeBytes(r.buffer)
-			r.buffer = newBytes(uint32(nBytes) + 1)
+			r.buffer = newBytes(int32(nBytes) + 1)
 		} else if nBytes < Size {
 			r.freeBuffer()
 		}
diff --git a/common/crypto/auth.go b/common/crypto/auth.go
index 7ea682d92..8ac9e4789 100644
--- a/common/crypto/auth.go
+++ b/common/crypto/auth.go
@@ -143,7 +143,7 @@ func (r *AuthenticationReader) readInternal(soft bool) (*buf.Buffer, error) {
 		return nil, errSoft
 	}
 
-	b := buf.NewSize(uint32(size))
+	b := buf.NewSize(size)
 	if err := b.Reset(buf.ReadFullFrom(r.reader, size)); err != nil {
 		b.Release()
 		return nil, err
diff --git a/proxy/shadowsocks/ota.go b/proxy/shadowsocks/ota.go
index e574bcb0f..500ccec38 100644
--- a/proxy/shadowsocks/ota.go
+++ b/proxy/shadowsocks/ota.go
@@ -76,7 +76,7 @@ func (v *ChunkReader) ReadMultiBuffer() (buf.MultiBuffer, error) {
 	}
 	size += AuthSize
 
-	buffer := buf.NewSize(uint32(size))
+	buffer := buf.NewSize(int32(size))
 	if err := buffer.AppendSupplier(buf.ReadFullFrom(v.reader, int32(size))); err != nil {
 		buffer.Release()
 		return nil, err