Comment 2 for bug 541330

Jeff Hill (johill-lanl) wrote :

I committed this patch:

Index: camessage.c
===================================================================
RCS file: /net/phoebus/epicsmgr/cvsroot/epics/base/src/rsrv/camessage.c,v
retrieving revision 1.105.2.10
diff -c -b -r1.105.2.10 camessage.c
*** camessage.c 17 Aug 2007 22:31:10 -0000 1.105.2.10
--- camessage.c 7 Sep 2007 17:03:09 -0000
***************
*** 24,29 ****
--- 24,30 ----
  #include "osiSock.h"
  #include "osiPoolStatus.h"
  #include "epicsEvent.h"
+ #include "epicsStdio.h"
  #include "epicsThread.h"
  #include "epicsMutex.h"
  #include "epicsTime.h"
***************
*** 134,139 ****
--- 135,141 ----
  va_list args
  )
  {
+ static const ca_uint32_t maxDiagLen = 512;
      struct channel_in_use *pciu;
      caHdr *pReqOut;
      char *pMsgString;
***************
*** 174,180 ****
       * allocate plenty of space for a sprintf() buffer
       */
      localStatus = cas_copy_in_header ( client,
! CA_PROTO_ERROR, 512, 0, 0, cid, status,
          ( void * ) &pReqOut );
      if ( localStatus != ECA_NORMAL ) {
          errlogPrintf ( "caserver: Unable to deliver err msg "%s" to client because "%s"\n",
--- 176,182 ----
       * allocate plenty of space for a sprintf() buffer
       */
      localStatus = cas_copy_in_header ( client,
! CA_PROTO_ERROR, maxDiagLen, 0, 0, cid, status,
          ( void * ) &pReqOut );
      if ( localStatus != ECA_NORMAL ) {
          errlogPrintf ( "caserver: Unable to deliver err msg "%s" to client because "%s"\n",
***************
*** 215,223 ****
      /*
       * add their context string into the protocol
       */
! status = vsprintf ( pMsgString, pformat, args );
! if ( status >= 0 ) {
! size += ( ( ca_uint32_t ) status ) + 1u;
      }
      cas_commit_msg ( client, size );
  }
--- 217,236 ----
      /*
       * add their context string into the protocol
       */
! localStatus = epicsVsnprintf ( pMsgString, maxDiagLen, pformat, args );
! if ( localStatus >= 1 ) {
! unsigned diagLen = ( unsigned ) localStatus;
! if ( diagLen < maxDiagLen ) {
! size += (ca_uint32_t) (diagLen + 1u);
! }
! else {
! errlogPrintf (
! "caserver: vsend_err: epicsVsnprintf detected "
! "error message truncation, pFormat = "%s"\n",
! pformat );
! size += maxDiagLen;
! pMsgString [ maxDiagLen - 1 ] = '\0';
! }
      }
      cas_commit_msg ( client, size );
  }
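Review bot: The bound handed to `epicsVsnprintf` and the truncation branch both treat the whole `maxDiagLen` reservation as available to the text, but `size` is added to rather than assigned, so it presumably already counts bytes that sit in front of `pMsgString` in the same payload (the lines that set `size` and `pMsgString` are outside the hunk, so this needs confirming). If that is the case, a long diagnostic can still write past the `maxDiagLen` bytes requested from `cas_copy_in_header`, `pMsgString [ maxDiagLen - 1 ]` lands beyond them, and `size += maxDiagLen` commits more than was reserved. Bounding everything by the remaining room, as sketched below, closes that gap; it assumes `size < maxDiagLen` on entry. Separately, `localStatus >= 1` no longer counts the terminator for an empty formatted string, which the old `status >= 0` test did.

```c
localStatus = epicsVsnprintf ( pMsgString, maxDiagLen - size, pformat, args );
/* ... unchanged: localStatus >= 1 test, diagLen ... */
    if ( diagLen < maxDiagLen - size ) {
        /* ... unchanged: size += diagLen + 1u ... */
    }
    else {
        /* ... unchanged: errlogPrintf truncation report ... */
        pMsgString [ maxDiagLen - size - 1u ] = '\0';
        size = maxDiagLen;
    }
```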
***************
*** 495,501 ****
      struct channel_in_use *pciu = pevext->pciu;
      const int readAccess = asCheckGet ( pciu->asClientPVT );
      int status;
- int strcnt;
      int v41;

      SEND_LOCK ( pClient );
--- 508,513 ----
***************
*** 575,581 ****
          }
      }
      else {
! ca_uint32_t msgSize = pevext->size;
          int cacStatus = caNetConvert (
              pevext->msg.m_dataType, pPayload, pPayload,
              TRUE /* host -> net format */, pevext->msg.m_count );
--- 587,593 ----
          }
      }
      else {
! ca_uint32_t payloadSize = pevext->size;
          int cacStatus = caNetConvert (
              pevext->msg.m_dataType, pPayload, pPayload,
              TRUE /* host -> net format */, pevext->msg.m_count );
***************
*** 586,601 ****
              */
              if ( pevext->msg.m_dataType == DBR_STRING
                  && pevext->msg.m_count == 1 ) {
! /* add 1 so that the string terminator will be shipped */
! strcnt = strlen ( (char *) pPayload ) + 1;
! msgSize = strcnt;
              }
          }
          else {
! memset ( pPayload, 0, msgSize );
              cas_set_header_cid ( pClient, cacStatus );
       }
! cas_commit_msg ( pClient, msgSize );
      }

      /*
--- 598,622 ----
              */
              if ( pevext->msg.m_dataType == DBR_STRING
                  && pevext->msg.m_count == 1 ) {
! char * pStr = (char *) pPayload;
! size_t strcnt = strlen ( pStr );
! if ( strcnt < payloadSize ) {
! payloadSize = ( ca_uint32_t ) ( strcnt + 1u );
! }
! else {
! pStr[payloadSize-1] = '\0';
! errlogPrintf (
! "caserver: read_reply: detected DBR_STRING w/o nill termination "
! "in response from db_get_field, pPayload = "%s"\n",
! pStr );
! }
              }
          }
          else {
! memset ( pPayload, 0, payloadSize );
              cas_set_header_cid ( pClient, cacStatus );
       }
! cas_commit_msg ( pClient, payloadSize );
      }

      /*
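Review bot: `strlen ( pStr )` still runs unbounded before the new `strcnt < payloadSize` test, so when db_get_field leaves the string unterminated (the case this change is meant to catch) the scan has already read past the payload by the time the terminator is forced in. A bounded search avoids that: `const char * pNul = memchr ( pStr, '\0', payloadSize );`, then `if ( pNul ) payloadSize = ( ca_uint32_t ) ( pNul - pStr ) + 1u;` with the existing else branch kept. The same pattern appears in the read_action hunk further down. The enclosing function starts and ends outside this hunk.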
***************
*** 620,626 ****
      ca_uint32_t payloadSize;
      void *pPayload;
      int status;
- int strcnt;
      int v41;

      if ( ! pciu ) {
--- 641,646 ----
***************
*** 686,698 ****
       * boundary
       */
      if ( mp->m_dataType == DBR_STRING && mp->m_count == 1 ) {
! /* add 1 so that the string terminator will be shipped */
! strcnt = strlen ( (char *) pPayload ) + 1;
! cas_commit_msg ( pClient, strcnt );
      }
      else {
! cas_commit_msg ( pClient, payloadSize );
      }

      SEND_UNLOCK ( pClient );

--- 706,725 ----
       * boundary
       */
      if ( mp->m_dataType == DBR_STRING && mp->m_count == 1 ) {
! char * pStr = (char *) pPayload;
! size_t strcnt = strlen ( pStr );
! if ( strcnt < payloadSize ) {
! payloadSize = ( ca_uint32_t ) ( strcnt + 1u );
          }
          else {
! pStr[payloadSize-1] = '\0';
! errlogPrintf (
! "caserver: read_action: detected DBR_STRING w/o nill termination "
! "in response from db_get_field, pPayload = "%s"\n",
! pStr );
! }
      }
+ cas_commit_msg ( pClient, payloadSize );

      SEND_UNLOCK ( pClient );