Navigation

← Previous Changeset
Next Changeset →

Changeset 786

Timestamp:

06/23/08 04:05:18 (5 months ago)

Author:

dormando

Message:

Fix heap corruption when copying too much data onto an item.

(Dustin:)
I wrote a fuzz test that would consistently crash in assoc_find, but
after this change the test failed to break things and my fuzz
generator couldn't produce another breaking case.

Files:

trunk/server/memcached.c (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

trunk/server/memcached.c

r784	r786
1528	1528	}
1529	1529	memcpy(ITEM_data(new_it), buf, res);
1530		memcpy(ITEM_data(new_it) + res, "\r\n", 3);
	1530	memcpy(ITEM_data(new_it) + res, "\r\n", 2);
1531	1531	do_item_replace(it, new_it);
1532	1532	do_item_remove(new_it); /* release our reference */

Download in other formats:

Unified Diff
Zip Archive