char *buffer, size_t length, char with_flush)
{
size_t original_length;
+ char* buffer_ptr;
original_length= length;
+ buffer_ptr= buffer;
while (length)
{
should_write= (should_write < length) ? should_write : length;
- memcpy(write_ptr, buffer, should_write);
+ memcpy(write_ptr, buffer_ptr, should_write);
ptr->write_buffer_offset+= should_write;
+ buffer_ptr+= should_write;
length-= should_write;
if (ptr->write_buffer_offset == MEMCACHED_MAX_BUFFER)
if (rc == MEMCACHED_NOTFOUND)
errors++;
else
+ {
+ WATCHPOINT_ERROR(rc);
assert(0);
+ }
continue;
}
return 0;
}
+/*
+ Bug found where command total one more than MEMCACHED_MAX_BUFFER
+ set key34567890 0 0 8169 \r\n is sent followed by buffer of size 8169, followed by 8169
+ */
+uint8_t user_supplied_bug13(memcached_st *memc)
+{
+ char key[] = "key34567890";
+ char *overflow;
+ memcached_return rc;
+ size_t overflowSize;
+
+ char commandFirst[]= "set key34567890 0 0 ";
+ char commandLast[] = " \r\n"; /* first line of command sent to server */
+ size_t commandLength;
+ size_t testSize;
+
+ commandLength = strlen(commandFirst) + strlen(commandLast) + 4; /* 4 is number of characters in size, probably 8196 */
+
+ overflowSize = MEMCACHED_MAX_BUFFER - commandLength;
+
+ for (testSize= overflowSize - 1; testSize < overflowSize + 1; testSize++)
+ {
+ overflow= malloc(testSize);
+ assert(overflow != NULL);
+
+ memset(overflow, 'x', testSize);
+ rc= memcached_set(memc, key, strlen(key),
+ overflow, testSize, 0, 0);
+ assert(rc == MEMCACHED_SUCCESS);
+ free(overflow);
+ }
+
+ return 0;
+}
+
uint8_t result_static(memcached_st *memc)
{
memcached_result_st result;
{"user_supplied_bug10", 1, user_supplied_bug10 },
{"user_supplied_bug11", 1, user_supplied_bug11 },
{"user_supplied_bug12", 1, user_supplied_bug12 },
+ {"user_supplied_bug13", 1, user_supplied_bug13 },
{0, 0, 0}
};
projects / awesomized / libmemcached / commitdiff
