Janusz Dziemidowicz wrote:

> 2008/6/18 Dustin Sallings <[EMAIL PROTECTED]>:
> > Please try the latest version of my tree and let me know if you have any
> > more problems.  I have been unable to crash memcached since this morning.
> >
> > http://github.com/dustin/memcached
> > In particular, Tomash's fix:
> > http://github.com/dustin/memcached/commit/74d5235 made my fuzzer happy.  I
> > ran about 20 minutes of fuzz plus the case that broke consistently for me
> > many times and saw no errors.
>
> I can confirm that this particular patch fixes the problem for me.
> Without it, your fuzzer was crashing memcached on the second run with
> exactly the same stack trace from Valgrind as I posted earlier.
> With this patch, I too was unable to crash it. Thanks a lot :)

Can the same patch also be relevant in out_string()?
At this point I don't really understand the code well enough.
Just wondering.

    if ((len + 2) > c->wsize) {
        /* ought to be always enough. just fail for simplicity */
        str = "SERVER_ERROR output line too long";
        len = strlen(str);
    }

    memcpy(c->wbuf, str, len);
    memcpy(c->wbuf + len, "\r\n", 3);  /* *** <-- HERE ? */
    c->wbytes = len + 2;
    c->wcurr = c->wbuf;

Or just look for ', 3'  :)

--
Cosimo
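Added example, not memcached's code and not part of the thread: a stand-alone C harness that runs the quoted out_string() tail against a wsize-byte buffer with a guard byte placed just past it, next to a variant that copies only the two bytes the length check accounted for. The conn struct, the function names and the guard-byte technique are this example's own assumptions. It shows what the quoted lines do at the boundary: when len + 2 == wsize the line passes the check, yet the 3-byte memcpy also copies the NUL of "\r\n", landing one byte past wbuf. Whether that byte matters in memcached depends on what sits after wbuf in the real allocation, which this harness does not model.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the memcached conn fields the quoted code
 * touches; not memcached's real struct. */
struct conn {
    char *wbuf;
    int   wsize;
    int   wbytes;
    char *wcurr;
};

/* Tail of out_string() as quoted in the thread. memcpy(..., "\r\n", 3)
 * copies '\r', '\n' and the string literal's terminating '\0', so
 * len + 3 bytes are written although only len + 2 were checked. */
static void out_string_as_quoted(struct conn *c, const char *str)
{
    int len = (int)strlen(str);
    if ((len + 2) > c->wsize) {
        str = "SERVER_ERROR output line too long";
        len = (int)strlen(str);
    }
    memcpy(c->wbuf, str, len);
    memcpy(c->wbuf + len, "\r\n", 3);   /* 3 bytes: '\r', '\n', '\0' */
    c->wbytes = len + 2;
    c->wcurr = c->wbuf;
}

/* Same tail, copying exactly the two bytes that wbytes accounts for. */
static void out_string_two_bytes(struct conn *c, const char *str)
{
    int len = (int)strlen(str);
    if ((len + 2) > c->wsize) {
        str = "SERVER_ERROR output line too long";
        len = (int)strlen(str);
    }
    memcpy(c->wbuf, str, len);
    memcpy(c->wbuf + len, "\r\n", 2);   /* 2 bytes: '\r', '\n' */
    c->wbytes = len + 2;
    c->wcurr = c->wbuf;
}

#define GUARD 0x5A   /* sentinel value stored one byte past wbuf */

/* Run one variant against a wsize-byte wbuf followed by a guard byte.
 * Returns 1 if the guard byte was overwritten (a write past wsize),
 * 0 if it survived, -1 on allocation failure. */
static int clobbers_guard(void (*fn)(struct conn *, const char *),
                          int wsize, const char *str)
{
    struct conn c;
    char *buf = malloc((size_t)wsize + 1);
    if (buf == NULL)
        return -1;
    memset(buf, 0, (size_t)wsize);
    buf[wsize] = GUARD;
    c.wbuf = buf;
    c.wsize = wsize;
    c.wbytes = 0;
    c.wcurr = NULL;
    fn(&c, str);
    int hit = ((unsigned char)buf[wsize] != GUARD);
    free(buf);
    return hit;
}

/* Build a line of exactly wsize - 2 characters, the longest line the
 * (len + 2) > wsize check still accepts, and run the variant on it. */
static int boundary_case_clobbers_guard(void (*fn)(struct conn *, const char *),
                                        int wsize)
{
    if (wsize < 2)
        return -1;
    char *str = malloc((size_t)wsize - 1);
    if (str == NULL)
        return -1;
    memset(str, 'x', (size_t)wsize - 2);   /* constructed payload */
    str[wsize - 2] = '\0';
    int hit = clobbers_guard(fn, wsize, str);
    free(str);
    return hit;
}

int main(void)
{
    printf("quoted 3-byte copy, len + 2 == wsize: guard clobbered = %d\n",
           boundary_case_clobbers_guard(out_string_as_quoted, 64));
    printf("2-byte copy,        len + 2 == wsize: guard clobbered = %d\n",
           boundary_case_clobbers_guard(out_string_two_bytes, 64));
    return 0;
}
```

A short line leaves the guard intact in both variants; only the boundary case separates them, which is why a fuzzer has to hit a line of exactly wsize - 2 bytes to see any effect from that extra NUL.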
