codenotifier - Memcached: revision 786

Revision: 786

Author: dormando

Date: 23 Jun 2008 00:05:18

Changes:

Fix heap corruption when copying too much data onto an item.

(Dustin:)
I wrote a fuzz test that would consistently crash in assoc_find, but
after this change the test failed to break things and my fuzz
generator couldn't produce another breaking case.

Files:
modified: /trunk/server/memcached.c (try)

Diff:

/trunk/server/memcached.c

To list

......	@@ -1527,7 +1527,7 @@
1527	1527	return "SERVER_ERROR out of memory in incr/decr";
1528	1528	}
1529	1529	memcpy(ITEM_data(new_it), buf, res);
1530		memcpy(ITEM_data(new_it) + res, "\r\n", 3);
	1530	memcpy(ITEM_data(new_it) + res, "\r\n", 2);
1531	1531	do_item_replace(it, new_it);
1532	1532	do_item_remove(new_it); /* release our reference */
1533	1533	} else { /* replace in-place */

Projects	new\|cloud\|list\|latest added\|bugtracking
Jobs	latest news fetches\|latest commit diff fetches\|more
This project	show\|info\|fetch status
Codenotifier	what is it\|blog\|feedback
©2008 codenotifier.com