Changeset 786

Timestamp:

06/23/08 04:05:18 (17 months ago)

Author:

dormando

Message:

Fix heap corruption when copying too much data onto an item.

(Dustin:)
I wrote a fuzz test that would consistently crash in assoc_find, but
after this change the test failed to break things and my fuzz
generator couldn't produce another breaking case.

Files:

• trunk/server/memcached.c (modified) (1 diff)

trunk/server/memcached.c

@@ -1528 +1528 @@
         }
         memcpy(ITEM_data(new_it), buf, res);
-        memcpy(ITEM_data(new_it) + res, "\r\n", 3);
+        memcpy(ITEM_data(new_it) + res, "\r\n", 2);
         do_item_replace(it, new_it);
         do_item_remove(new_it);       /* release our reference */