summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorfanxb <fxb_mail@163.com>2022-06-17 16:19:43 +0800
committerFlorin Coras <florin.coras@gmail.com>2022-06-29 02:15:30 +0000
commit6777efdda0776b00c68d1fd36c02c33df93716dd (patch)
treea8d12b0a12394cbfadca9bf5649173d6b6065e4e
parent996550c62f96a8b0ba05207f4266a3f3b9175d7d (diff)
quic:fix crash rx_fifo full or grow
if when the rx_fifo grows, svm_fifo_enqueue() return -4, stream_data->app_rx_data_len += rlen type conversion occurs, Finally,stream->recvstate.data_off calculation is wrong. Type:fix Signed-off-by: fanxb <fxb_mail@163.com> Change-Id: Iae11f0c453f32d836f4148d70e3b121545a53a90 (cherry picked from commit 5b4b4c05ff06b866b90b0df9b2be2ed28e606f16)
-rw-r--r--src/plugins/quic/quic.c16
1 files changed, 16 insertions, 0 deletions
diff --git a/src/plugins/quic/quic.c b/src/plugins/quic/quic.c
index 3655f9538b8..26113066014 100644
--- a/src/plugins/quic/quic.c
+++ b/src/plugins/quic/quic.c
@@ -876,6 +876,14 @@ quic_on_receive (quicly_stream_t * stream, size_t off, const void *src,
{
/* Streams live on the same thread so (f, stream_data) should stay consistent */
rlen = svm_fifo_enqueue (f, len, (u8 *) src);
+ if (PREDICT_FALSE (rlen < 0))
+ {
+ /*
+ * drop, fifo full
+ * drop, fifo grow
+ */
+ return;
+ }
QUIC_DBG (3, "Session [idx %u, app_wrk %u, ti %u, rx-fifo 0x%llx]: "
"Enqueuing %u (rlen %u) at off %u in %u space, ",
stream_session->session_index,
@@ -898,6 +906,14 @@ quic_on_receive (quicly_stream_t * stream, size_t off, const void *src,
rlen = svm_fifo_enqueue_with_offset (f,
off - stream_data->app_rx_data_len,
len, (u8 *) src);
+ if (PREDICT_FALSE (rlen < 0))
+ {
+ /*
+ * drop, fifo full
+ * drop, fifo grow
+ */
+ return;
+ }
QUIC_ASSERT (rlen == 0);
}
return;