- }
- else
- {
- char *buffer_ptr= buffer;
- const char *command= storage_op_string(verb);
-
- /* Copy in the command, no space needed, we handle that in the command function*/
- memcpy(buffer_ptr, command, strlen(command));
-
- /* Copy in the key prefix, switch to the buffer_ptr */
- buffer_ptr= memcpy((buffer_ptr + strlen(command)), ptr->prefix_key, strlen(ptr->prefix_key));
-
- /* Copy in the key, adjust point if a key prefix was used. */
- buffer_ptr= memcpy(buffer_ptr + (ptr->prefix_key ? strlen(ptr->prefix_key) : 0),
- key, key_length);
- buffer_ptr+= key_length;
- buffer_ptr[0]= ' ';
- buffer_ptr++;
-
- write_length= (size_t)(buffer_ptr - buffer);
- write_length+= (size_t) snprintf(buffer_ptr, MEMCACHED_DEFAULT_COMMAND_SIZE,
- "%u %llu %zu%s\r\n",
- flags,
- (unsigned long long)expiration, value_length,
- ptr->flags.no_reply ? " noreply" : "");
- }
-
- if (ptr->flags.use_udp && ptr->flags.buffer_requests)
- {
- size_t cmd_size= write_length + value_length + 2;
- if (cmd_size > MAX_UDP_DATAGRAM_LENGTH - UDP_DATAGRAM_HEADER_LENGTH)
- return MEMCACHED_WRITE_FAILURE;
- if (cmd_size + ptr->hosts[server_key].write_buffer_offset > MAX_UDP_DATAGRAM_LENGTH)
- memcached_io_write(&ptr->hosts[server_key], NULL, 0, 1);
- }
-
- if (write_length >= MEMCACHED_DEFAULT_COMMAND_SIZE)
- {
- rc= MEMCACHED_WRITE_FAILURE;
- goto error;
- }
-
- /* Send command header */
- rc= memcached_do(&ptr->hosts[server_key], buffer, write_length, 0);
- if (rc != MEMCACHED_SUCCESS)
- goto error;
+ if (check_length >= MEMCACHED_DEFAULT_COMMAND_SIZE || check_length < 0)
+ {
+ rc= MEMCACHED_WRITE_FAILURE;
+ memcached_io_reset(instance);
+
+ return rc;
+ }
+ write_length= check_length;
+ }
+ else
+ {
+ char *buffer_ptr= buffer;
+ const char *command= storage_op_string(verb);
+
+ /* Copy in the command, no space needed, we handle that in the command function*/
+ memcpy(buffer_ptr, command, strlen(command));
+
+ /* Copy in the key prefix, switch to the buffer_ptr */
+ buffer_ptr= memcpy((buffer_ptr + strlen(command)), ptr->prefix_key, ptr->prefix_key_length);
+
+ /* Copy in the key, adjust point if a key prefix was used. */
+ buffer_ptr= memcpy(buffer_ptr + (ptr->prefix_key_length ? ptr->prefix_key_length : 0),
+ key, key_length);
+ buffer_ptr+= key_length;
+ buffer_ptr[0]= ' ';
+ buffer_ptr++;
+
+ write_length= (size_t)(buffer_ptr - buffer);
+ int check_length;
+ check_length= snprintf(buffer_ptr, MEMCACHED_DEFAULT_COMMAND_SIZE -(size_t)(buffer_ptr - buffer),
+ "%u %llu %lu%s\r\n",
+ flags,
+ (unsigned long long)expiration, (unsigned long)value_length,
+ ptr->flags.no_reply ? " noreply" : "");
+ if ((size_t)check_length >= MEMCACHED_DEFAULT_COMMAND_SIZE -(size_t)(buffer_ptr - buffer) || check_length < 0)
+ {
+ rc= MEMCACHED_WRITE_FAILURE;
+ memcached_io_reset(instance);
+
+ return rc;
+ }
+
+ write_length+= (size_t)check_length;
+ WATCHPOINT_ASSERT(write_length < MEMCACHED_DEFAULT_COMMAND_SIZE);
+ }