Guard memset in camessage.c to prevent wild memory overrun if mismatch

between payload and data size.
2010-08-11 17:37:56 -05:00
parent 0291900562 e54b631b8d
commit 053ab01db4
1 changed files with 1 additions and 1 deletions
@@ -605,7 +605,7 @@ static void read_reply ( void *pArg, struct dbAddr *paddr,
                payload_size = data_size;
                cas_set_header_count(pClient, item_count);
            }
-            else
+            else if (payload_size > data_size)
                memset(
                    (char *) pPayload + data_size, 0, payload_size - data_size);
        }