authorDustin Sallings <dustin@spy.net>2009-02-13 20:59:10 -0800
committerDustin Sallings <dustin@spy.net>2009-02-13 21:59:51 -0800
commitff8122ce7b80d770eea56f364ba99d7477152fd8 (patch)
tree971d9b090b033c18b745a15bd4e0a58d842f2ed7 /memcached.c
parent72cb22b0ae7ecc1b536a0e4f4898556aba52e057 (diff)
stats detail dump shouldn't use more memory than given.
http://code.google.com/p/memcached/issues/detail?id=18
Diffstat (limited to 'memcached.c')
-rw-r--r--memcached.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/memcached.c b/memcached.c
index 9568b2f..ba683bd 100644
--- a/memcached.c
+++ b/memcached.c
@@ -1346,13 +1346,16 @@ static void process_bin_stat(conn *c) {
if (strncmp(subcmd_pos, " dump", 5) == 0) {
char *dump_buf = stats_prefix_dump(&len);
int nbytes = 0;
+ int allocation = 0;
if (dump_buf == NULL || len <= 0) {
write_bin_error(c, PROTOCOL_BINARY_RESPONSE_ENOMEM, 0);
return;
}
- buf = malloc((sizeof(header->response) * 2) + len);
+ /* Extra 9 bytes for (length "detailed") */
+ allocation = (sizeof(header->response) * 2) + len + 8;
+ buf = malloc(allocation);
if (buf == NULL) {
free(dump_buf);
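Review bot: The new comment says "Extra 9 bytes" but the expression adds `+ 8`, so one of the two is wrong. "detailed" is 8 characters, so if no terminator is stored the comment should read `/* Extra 8 bytes for the key "detailed" */`; if one is stored, the constant is one short. The code that fills `buf` lies outside this hunk, so which case applies cannot be confirmed from here. Deriving the constant from the key itself, e.g. `strlen("detailed")`, would keep the size tied to what is written. `allocation` is also an `int` holding a `size_t` expression that is then passed to `malloc`; `size_t allocation` would avoid the narrowing, with the later `assert` comparison adjusted to match.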
@@ -1366,6 +1369,7 @@ static void process_bin_stat(conn *c) {
dump_buf, len, (void *)c);
bufpos += nbytes;
nbytes += append_bin_stats(bufpos, NULL, 0, NULL, 0, (void *)c);
+ assert(nbytes <= allocation);
free(dump_buf);
write_and_free(c, buf, nbytes);
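Review bot: `assert(nbytes <= allocation)` runs only after both append_bin_stats() calls have written into `buf`, so it can report an overrun but cannot prevent one. It also disappears in builds that define NDEBUG. If the size computed for `malloc` is ever too small, such a build would have written past the heap buffer and would then pass the oversized `nbytes` to write_and_free(). A runtime check placed before the first append would turn this into a handled error: compare the bytes about to be written with `allocation`, and on failure free `dump_buf` and `buf` and return through `write_bin_error(c, PROTOCOL_BINARY_RESPONSE_ENOMEM, 0)`. The first append call starts above this hunk, so the exact placement needs checking against the full function.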