Updates:
Status: Fixed
Comment #1 on issue 379 by [email protected]: Incorrect result of 'decr'
and 'incr' operation on empty item under some circumstances
https://code.google.com/p/memcached/issues/detail?id=379
Well... this bug is nasty.
It wasn't checking that the data was nonzero in size. Internally it uses
strtoull, which ignores initial characters matched as spaces, then attempts
to parse the rest of the number.
An empty item has "\r\n" in the data section (min size 2), so if there's
parseable memory beyond the end of the data section in that chunk, possibly
from data previously occupying that space, it'll successfully delta it.
It won't corrupt memory, since it later tests for space to write the new
value into (it->nbytes), and will then allocate a new item for the storage.
So.. a small win there at least.
Pushed a fix to 'next' branch.
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
--
---
You received this message because you are subscribed to the Google Groups "memcached" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
