From 42a7cc99572d9cf161e9db04f31e123b5431df10 Mon Sep 17 00:00:00 2001
From: Brian Aker <brian@tangent.org>
Date: Mon, 28 Jan 2008 18:17:02 -0800
Subject: [PATCH] Incomming Patch from Kevin

---
 lib/memcached_fetch.c | 72 +++++++++++++++++++------------------------
 tests/function.c      | 52 +++++++++++++++++++++++++++++++
 2 files changed, 84 insertions(+), 40 deletions(-)

diff --git a/lib/memcached_fetch.c b/lib/memcached_fetch.c
index 6c4d393a..19f60870 100644
--- a/lib/memcached_fetch.c
+++ b/lib/memcached_fetch.c
@@ -10,6 +10,9 @@ memcached_return value_fetch(memcached_server_st *ptr,
   char *end_ptr;
   char *next_ptr;
   size_t value_length;
+  size_t read_length;
+  size_t to_read;
+  char *value_ptr;
 
   end_ptr= buffer + MEMCACHED_DEFAULT_COMMAND_SIZE;
 
@@ -78,51 +81,40 @@ memcached_return value_fetch(memcached_server_st *ptr,
   if (end_ptr < string_ptr)
     goto read_error;
 
-  if (value_length)
+  /* We add two bytes so that we can walk the \r\n */
+  rc= memcached_string_check(&result->value, value_length+2);
+  if (rc != MEMCACHED_SUCCESS)
   {
-    size_t read_length;
-    size_t to_read;
-    char *value_ptr;
-
-    /* We add two bytes so that we can walk the \r\n */
-    rc= memcached_string_check(&result->value, value_length+2);
-    if (rc != MEMCACHED_SUCCESS)
-    {
-      value_length= 0;
-      return MEMCACHED_MEMORY_ALLOCATION_FAILURE;
-    }
-
-    value_ptr= memcached_string_value(&result->value);
-    read_length= 0;
-    /* 
-      We read the \r\n into the string since not doing so is more 
-      cycles then the waster of memory to do so.
-
-      We are null terminating through, which will most likely make
-      some people lazy about using the return length.
-    */
-    to_read= (value_length) + 2;
-
-    read_length= memcached_io_read(ptr, value_ptr, to_read);
-
-    if (read_length != (size_t)(value_length + 2))
-    {
-      goto read_error;
-    }
+    value_length= 0;
+    return MEMCACHED_MEMORY_ALLOCATION_FAILURE;
+  }
 
-    /* This next bit blows the API, but this is internal....*/
-    {
-      char *char_ptr;
-      char_ptr= memcached_string_value(&result->value);;
-      char_ptr[value_length]= 0;
-      char_ptr[value_length + 1]= 0;
-      memcached_string_set_length(&result->value, value_length);
-    }
+  value_ptr= memcached_string_value(&result->value);
+  read_length= 0;
+  /* 
+    We read the \r\n into the string since not doing so is more 
+    cycles then the waster of memory to do so.
+
+    We are null terminating through, which will most likely make
+    some people lazy about using the return length.
+  */
+  to_read= (value_length) + 2;
+  read_length= memcached_io_read(ptr, value_ptr, to_read);
+  if (read_length != (size_t)(value_length + 2))
+  {
+    goto read_error;
+  }
 
-    return MEMCACHED_SUCCESS;
+/* This next bit blows the API, but this is internal....*/
+  {
+    char *char_ptr;
+    char_ptr= memcached_string_value(&result->value);;
+    char_ptr[value_length]= 0;
+    char_ptr[value_length + 1]= 0;
+    memcached_string_set_length(&result->value, value_length);
   }
 
-  return rc;
+  return MEMCACHED_SUCCESS;
 
 read_error:
   return MEMCACHED_PARTIAL_READ;
diff --git a/tests/function.c b/tests/function.c
index 13c09ad1..fa739863 100644
--- a/tests/function.c
+++ b/tests/function.c
@@ -1681,6 +1681,57 @@ uint8_t user_supplied_bug13(memcached_st *memc)
   return 0;
 }
 
+
+/*
+  Test values of many different sizes
+  Bug found where command total one more than MEMCACHED_MAX_BUFFER
+  set key34567890 0 0 8169 \r\n
+  is sent
+  followed by buffer of size 8169, followed by 8169
+ */
+uint8_t user_supplied_bug14(memcached_st *memc)
+{
+  int setter= 1;
+  memcached_behavior_set(memc, MEMCACHED_BEHAVIOR_TCP_NODELAY, &setter);
+  memcached_return rc;
+  char *key= "foo";
+  char *value;
+  size_t value_length= 18000;
+  char *string;
+  size_t string_length;
+  uint32_t flags;
+  unsigned int x;
+  size_t current_length;
+
+  value = (char*)malloc(value_length);
+  assert(value);
+
+  for (x= 0; x < value_length; x++)
+    value[x] = (char) (x % 127);
+
+  for (current_length = 0; current_length < value_length; current_length++)
+  {
+    rc= memcached_set(memc, key, strlen(key), 
+                      value, current_length,
+                      (time_t)0, (uint32_t)0);
+    assert(rc == MEMCACHED_SUCCESS || rc == MEMCACHED_BUFFERED);
+
+    string= memcached_get(memc, key, strlen(key),
+                          &string_length, &flags, &rc);
+
+    assert(rc == MEMCACHED_SUCCESS);
+    assert(string);
+    assert(string_length == current_length);
+    assert(!memcmp(string, value, string_length));
+
+    free(string);
+  }
+
+  free(value);
+
+  return 0;
+}
+
 uint8_t result_static(memcached_st *memc)
 {
   memcached_result_st result;
@@ -2320,6 +2371,7 @@ test_st user_tests[] ={
   {"user_supplied_bug11", 1, user_supplied_bug11 },
   {"user_supplied_bug12", 1, user_supplied_bug12 },
   {"user_supplied_bug13", 1, user_supplied_bug13 },
+  {"user_supplied_bug14", 1, user_supplied_bug14 },
   {0, 0, 0}
 };
 
-- 
2.30.2