Memcached segfault on increment
Tomash Brechko
tomash.brechko at gmail.com
Thu Jun 19 10:06:37 UTC 2008
On Thu, Jun 19, 2008 at 11:52:04 +0200, Cosimo Streppone wrote:
> 750 if ((len + 2) > c->wsize) {
> 751 /* ought to be always enough. just fail for simplicity */
> 752 str = "SERVER_ERROR output line too long";
> 753 len = strlen(str);
> 754 }
> 755
> 756 memcpy(c->wbuf, str, len);
> 757 memcpy(c->wbuf + len, "\r\n", 3); # *** <-- HERE ?
> 758 c->wbytes = len + 2;
> 759 c->wcurr = c->wbuf;
Agree, same bug.
> Or just look for ', 3' :)
Brilliant! :) Though egrep '\b3\);' revealed only these two places.
--
Tomash Brechko
More information about the memcached
mailing list