> Calling memset() would be incorrect in this case even if you were concerned about a NULL character
How is it incorrect? memcached_response never writes the last byte of the buffer, so whatever it writes will be guaranteed to be null terminated.
> i.e. the minimal change would be to insert a NULL character in the buffer after looked at the length of the returned string from memcached_response()
You can't look at the length of the returned string as the buffer is already corrupted at that point and memcached_response does not return the length either. That's why the buffer needs to be zeroed before passing it in. There's a reason multiple people reviewed and signed off on this patch.
> but you don't have to do that because it is already done for you
> I mentioned the error path only because in that path there is no guarantee that a NULL would be added to the buffer
Once again, you fail to cite where this is ostensibly "already done". The non-error path does not add a null termination, I double checked.
> Calling memset() would be incorrect in this case even if you were concerned about a NULL character
How is it incorrect? memcached_response never writes the last byte of the buffer, so whatever it writes will be guaranteed to be null terminated.
> i.e. the minimal change would be to insert a NULL character in the buffer after looked at the length of the returned string from memcached_ response( )
You can't look at the length of the returned string as the buffer is already corrupted at that point and memcached_response does not return the length either. That's why the buffer needs to be zeroed before passing it in. There's a reason multiple people reviewed and signed off on this patch.
> but you don't have to do that because it is already done for you
> I mentioned the error path only because in that path there is no guarantee that a NULL would be added to the buffer
Once again, you fail to cite where this is ostensibly "already done". The non-error path does not add a null termination, I double checked.