From 0c535683eef05b420d7bf0b25cf38820d02333fe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?= Date: Thu, 23 Jun 2022 17:47:10 +0200 Subject: [PATCH] BUG/MINOR: quic: Wrong reuse of fulfilled dgram RX buffer After having fulfilled a buffer, then marked it as full, we must consume the remaining space. But to do that, and not to erase the already existing data, we must check there is not remaining data in after the tail of the buffer (between the tail and the head). This is done adding a condition to test that adding the number of bytes from the remaining contiguous space to the tail does not pass the wrapping postion in the buffer. Must be backported to 2.6. --- src/quic_sock.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/quic_sock.c b/src/quic_sock.c index a391006af..4444ab858 100644 --- a/src/quic_sock.c +++ b/src/quic_sock.c @@ -310,6 +310,12 @@ void quic_sock_fd_iocb(int fd) if (cspace < max_sz) { struct quic_dgram *dgram; + /* Do no mark as full, and do not try to consume it + * if the contiguous remmaining space is not at the end + */ + if (b_tail(buf) + cspace < b_wrap(buf)) + goto out; + /* Allocate a fake datagram, without data to locate * the end of the RX buffer (required during purging). */ @@ -319,11 +325,11 @@ void quic_sock_fd_iocb(int fd) dgram->len = cspace; LIST_APPEND(&rxbuf->dgrams, &dgram->list); + /* Consume the remaining space */ b_add(buf, cspace); if (b_contig_space(buf) < max_sz) goto out; - } dgram_buf = (unsigned char *)b_tail(buf);