libmemcached

libmemcached binary Touch breaks next command

Bug #1104642 reported by Ronald Currier on 2013-01-25

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	libmemcached	Fix Released	Medium	Brian Aker	libmemcached 1.0.16

Bug Description

The binary mode Touch command is broken in libmemcached 1.0.15 and earlier with at least some versions of memcached. Any commands issued after the Touch fail with a bad magic number error.

The problem is that with (at least) memcached version 1.4.15 the response from the touch command returns 4 bytes of body data. The libmemcached response processor assumes that Touch does not return any data so the extra 4 bytes are read as the response to the next command. The library will ASSERT if they are enabled but at least my build has ASSERTs turned off.

Patch:

*** response.cc 2012-11-11 22:27:27.000000000 -0800
--- response-new.cc 2013-01-24 17:43:41.080530500 -0800
***************
*** 659,664 ****
--- 659,668 ----
      case PROTOCOL_BINARY_CMD_TOUCH:
        {
          WATCHPOINT_ASSERT(bodylen == 0);
+ if (bodylen != 0)
+ {
+ rc= memcached_safe_read(instance, buffer, bodylen);
+ }
          return MEMCACHED_SUCCESS;
        }

Tags:

Revision history for this message

Brian Aker (brianaker) wrote on 2013-01-28:

Any idea on what those four bytes are?

Changed in libmemcached:
assignee:	nobody → Brian Aker (brianaker)
status:	New → In Progress
importance:	Undecided → Medium

Revision history for this message

Ronald Currier (rcurrier) wrote on 2013-01-29: RE: [Bug 1104642] Re: libmemcached binary Touch breaks next command

Are you wondering what the actual values are that I'm seeing (x00 x00 x00 x00) or what the bytes represent. The ASCII version doesn't return anything. From a cursory viewing of the memcached code it looks like it is the first 4 bytes of the value maybe? There is a "bodylen -= it->nbytes -2;" at line 1231 in memcached.c that looks like it should compensate for the additional "it->nbytes-2" that were added at line 1219. Not sure what's broken there.

Just for completeness, we are running memcached 1.4.15 on RedHat EL6 using libmemcached 1.0.12 on Windows and libmemcached 1.0.15 on RedHat EL6. And both show the same problem. Since the fix below has solved my problem I'm disinclined to go much further debugging the server.

- Ron

Revision history for this message

Brian Aker (brianaker) wrote on 2013-01-29:

Thanks, I've passed it to one of the server developers.

The fix will hit trunk momentarily.

On Jan 28, 2013, at 17:10, Ronald Currier <email address hidden> wrote:

> Are you wondering what the actual values are that I'm seeing (x00 x00
> x00 x00) or what the bytes represent. The ASCII version doesn't return
> anything. From a cursory viewing of the memcached code it looks like it
> is the first 4 bytes of the value maybe? There is a "bodylen -=
> it->nbytes -2;" at line 1231 in memcached.c that looks like it should
> compensate for the additional "it->nbytes-2" that were added at line
> 1219. Not sure what's broken there.
>
> Just for completeness, we are running memcached 1.4.15 on RedHat EL6
> using libmemcached 1.0.12 on Windows and libmemcached 1.0.15 on RedHat
> EL6. And both show the same problem. Since the fix below has solved my
> problem I'm disinclined to go much further debugging the server.
>
> - Ron
>
> --
> You received this bug notification because you are a bug assignee.
> https://bugs.launchpad.net/bugs/1104642
>
> Title:
> libmemcached binary Touch breaks next command
>
> Status in libmemcached - A C and C++ client library for memcached:
> In Progress
>
> Bug description:
> The binary mode Touch command is broken in libmemcached 1.0.15 and
> earlier with at least some versions of memcached. Any commands issued
> after the Touch fail with a bad magic number error.
>
> The problem is that with (at least) memcached version 1.4.15 the
> response from the touch command returns 4 bytes of body data. The
> libmemcached response processor assumes that Touch does not return any
> data so the extra 4 bytes are read as the response to the next
> command. The library will ASSERT if they are enabled but at least my
> build has ASSERTs turned off.
>
> Patch:
>
> *** response.cc 2012-11-11 22:27:27.000000000 -0800
> --- response-new.cc 2013-01-24 17:43:41.080530500 -0800
> ***************
> *** 659,664 ****
> --- 659,668 ----
> case PROTOCOL_BINARY_CMD_TOUCH:
> {
> WATCHPOINT_ASSERT(bodylen == 0);
> + if (bodylen != 0)
> + {
> + rc= memcached_safe_read(instance, buffer, bodylen);
> + }
> return MEMCACHED_SUCCESS;
> }
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/libmemcached/+bug/1104642/+subscriptions

Thanks, I've passed it to one of the server developers.

The fix will hit trunk momentarily.

On Jan 28, 2013, at 17:10, Ronald Currier <rcurrier@pobox.com> wrote:

> Are you wondering what the actual values are that I'm seeing (x00 x00
> x00 x00) or what the bytes represent. The ASCII version doesn't return
> anything. From a cursory viewing of the memcached code it looks like it
> is the first 4 bytes of the value maybe? There is a "bodylen -=
> it->nbytes -2;" at line 1231 in memcached.c that looks like it should
> compensate for the additional "it->nbytes-2" that were added at line
> 1219. Not sure what's broken there.
>
> Just for completeness, we are running memcached 1.4.15 on RedHat EL6
> using libmemcached 1.0.12 on Windows and libmemcached 1.0.15 on RedHat
> EL6. And both show the same problem. Since the fix below has solved my
> problem I'm disinclined to go much further debugging the server.
>
>        - Ron
>
> --
> You received this bug notification because you are a bug assignee.
> https://bugs.launchpad.net/bugs/1104642
>
> Title:
>  libmemcached binary Touch breaks next command
>
> Status in libmemcached - A C and C++ client library for memcached:
>  In Progress
>
> Bug description:
>  The binary mode Touch command is broken in libmemcached 1.0.15 and
>  earlier with at least some versions of memcached. Any commands issued
>  after the Touch fail with a bad magic number error.
>
>  The problem is that with (at least) memcached version 1.4.15 the
>  response from the touch command returns  4 bytes of body data. The
>  libmemcached response processor assumes that Touch does not return any
>  data so the extra 4 bytes are read as the response to the next
>  command. The library will ASSERT if they are enabled but at least my
>  build has ASSERTs turned off.
>
>  Patch:
>
>  *** response.cc 2012-11-11 22:27:27.000000000 -0800
>  --- response-new.cc     2013-01-24 17:43:41.080530500 -0800
>  ***************
>  *** 659,664 ****
>  --- 659,668 ----
>        case PROTOCOL_BINARY_CMD_TOUCH:
>          {
>            WATCHPOINT_ASSERT(bodylen == 0);
>  +       if (bodylen != 0)
>  +       {
>  +         rc= memcached_safe_read(instance, buffer, bodylen);
>  +       }
>            return MEMCACHED_SUCCESS;
>          }
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/libmemcached/+bug/1104642/+subscriptions

Brian Aker (brianaker) on 2013-02-01

Changed in libmemcached:
status:	In Progress → Fix Committed
milestone:	none → 1.0.16

Brian Aker (brianaker) on 2013-02-01

Changed in libmemcached:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.