> Calling memset() would be incorrect in this case even if you were concerned > about a NULL character How is it incorrect? memcached_response never writes the last byte of the buffer, so whatever it writes will be guaranteed to be null terminated.
> i.e. the minimal change would be to insert a NULL character in the buffer > after looked at the length of the returned string from memcached_response() You can't look at the length of the returned string as the buffer is already corrupted at that point and memcached_response does not return the length either. That's why the buffer needs to be zeroed before passing it in. There's a reason multiple people reviewed and signed off on this patch. > but you don't have to do that because it is already done for you > I mentioned the error path only because in that path there is no guarantee > that a NULL would be added to the buffer Once again, you fail to cite where this is ostensibly "already done". The non-error path does not add a null termination, I double checked. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1573594 Title: Missing null termination in PROTOCOL_BINARY_CMD_SASL_LIST_MECHS response handling To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libmemcached/+bug/1573594/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
