_msgpack_buffer_add_new_chunk zero-out the newly allocated tail

Fix: #342

Reseting the memory in _msgpack_buffer_alloc_new_chunk was pointless
because the previous `tail` is immediately copied into it, and it's
the `tail` that is then used by the caller. So it's the `tail` we
should zero-out.

Author: byroot

ext/msgpack/buffer.c

@@ -257,15 +257,15 @@ static inline msgpack_buffer_chunk_t* _msgpack_buffer_alloc_new_chunk(msgpack_bu
     } else {
         chunk = xmalloc(sizeof(msgpack_buffer_chunk_t));
     }
-    memset(chunk, 0, sizeof(msgpack_buffer_chunk_t));
     return chunk;
 }
 
 static inline void _msgpack_buffer_add_new_chunk(msgpack_buffer_t* b)
 {
     if(b->head == &b->tail) {
         if(b->tail.first == NULL) {
-            /* empty buffer */
+            /* The buffer is empty, we can just use the embeded tail directly */
+            memset(&b->tail, 0, sizeof(msgpack_buffer_chunk_t));
             return;
         }
 
@@ -295,6 +295,7 @@ static inline void _msgpack_buffer_add_new_chunk(msgpack_buffer_t* b)
         before_tail->next = nc;
         nc->next = &b->tail;
     }
+    memset(&b->tail, 0, sizeof(msgpack_buffer_chunk_t));
 }
 
 static inline void _msgpack_buffer_append_reference(msgpack_buffer_t* b, VALUE string)
@@ -315,7 +316,6 @@ static inline void _msgpack_buffer_append_reference(msgpack_buffer_t* b, VALUE s
     b->tail.first = (char*) data;
     b->tail.last = (char*) data + length;
     b->tail.mapped_string = mapped_string;
-    b->tail.mem = NULL;
 
     /* msgpack_buffer_writable_size should return 0 for mapped chunk */
     b->tail_buffer_end = b->tail.last;
@@ -344,6 +344,8 @@ static inline void* _msgpack_buffer_chunk_malloc(
         msgpack_buffer_t* b, msgpack_buffer_chunk_t* c,
         size_t required_size, size_t* allocated_size)
 {
+    c->mapped_string = NO_MAPPED_STRING;
+
     if(required_size <= MSGPACK_RMEM_PAGE_SIZE) {
         c->rmem = true;