Hi Thayne,

On Sun, Apr 11, 2021 at 11:26:59PM -0600, Thayne McCombs wrote:
> Adjust the size of the sample buffer before we change the "area"
> pointer. The change in size is calculated as the difference between the
> original pointer and the new start pointer. But since the
> `smp->data.u.str.area` assignment results in `smp->data.u.str.area` and
> `start` being the same pointer, we always ended up subtracting zero.
> This changes it to change the size by the actual amount it changed.
> 
> I'm not entirely sure what the impact of this is, but the previous code
> seemed wrong.

So I carefully reviewed it, and not only are you totally right, but I
could figure out in which case it is harmful. All accesses limit themselves
to the amount of data except one, the binary key padding for a stick
table. So it is technically possible to use it to write zeroes past the
end of the string in such a construct where <table> is of type binary
with keys at least as large as your buffers (lots of 'if'):

      hdr(foo),field(2,:),in_table(table)

Thus I tagged it "MEDIUM" in the end.

Thank you!
Willy
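An added illustration of the arithmetic discussed in this thread, not code from the patch or from HAProxy itself: a constructed stand-in struct with hypothetical `find_field`, `field_buggy`, `field_fixed` and `size_overshoot` helpers shows how reassigning `area` before the subtraction leaves `size` larger than the room actually left in the buffer.

```c
#include <string.h>

/* Constructed stand-in for HAProxy's sample string: `area` is the string,
 * `data` its valid length, `size` the capacity later writers trust. */
struct sample_str {
    char *area;
    size_t data;
    size_t size;
};

/* Hypothetical helper: bounds of the n-th (1-based) sep-separated field of s. */
static void find_field(const struct sample_str *s, int n, char sep,
                       char **start, char **end)
{
    char *p = s->area, *lim = s->area + s->data;
    for (*start = p; p < lim && !(*p == sep && n == 1); p++)
        if (*p == sep)
            n--, *start = p + 1;
    *end = p;
}

/* Ordering the patch removes: `area` is moved first, so area - start == 0. */
void field_buggy(struct sample_str *s, int n, char sep)
{
    char *start, *end;
    find_field(s, n, sep, &start, &end);
    s->data = end - start;
    s->area = start;
    s->size -= s->area - start;   /* always subtracts zero */
}

/* Ordering the patch introduces: shrink `size` by the real offset first. */
void field_fixed(struct sample_str *s, int n, char sep)
{
    char *start, *end;
    find_field(s, n, sep, &start, &end);
    s->data = end - start;
    s->size -= start - s->area;
    s->area = start;
}

/* How far `size` overstates the room left after `area` (padding to `size` would overrun). */
size_t size_overshoot(void (*conv)(struct sample_str *, int, char))
{
    char buf[16] = "foo:bar:baz";   /* constructed header value */
    struct sample_str s = { buf, strlen(buf), sizeof(buf) };
    conv(&s, 2, ':');
    size_t left = (size_t)((buf + sizeof(buf)) - s.area);
    return s.size > left ? s.size - left : 0;
}
```

With `field(2,:)` on the constructed value, the buggy ordering keeps `size` at 16 while only 12 bytes remain after `area`, so a zero-fill up to `size` would run 4 bytes past the buffer; the fixed ordering reports no overshoot.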
