This is an automated email from the ASF dual-hosted git repository. cmcfarlen pushed a commit to branch 10.0.x in repository https://gitbox.apache.org/repos/asf/trafficserver.git
commit 34a56b44f5ca38e5a04d334cc23e4f95dff6605d Author: Brian Neradt <[email protected]> AuthorDate: Wed Aug 7 11:51:58 2024 -0500 multiplexer: fix consume of too many bytes (#11499) IOBufferReader::consume contractually assumes that all callers of it will not consume more bytes than read_avail for the buffer chain. This adds a debug assertion for this and fixes multiplexer so that it doesn't violate this invariant. (cherry picked from commit 6774984a3f71f7473092d1af7ba99a004e8890d9) --- plugins/multiplexer/fetcher.h | 2 ++ src/iocore/eventsystem/P_IOBuffer.h | 1 + 2 files changed, 3 insertions(+) diff --git a/plugins/multiplexer/fetcher.h b/plugins/multiplexer/fetcher.h index a1a249187c..6a51928b2d 100644 --- a/plugins/multiplexer/fetcher.h +++ b/plugins/multiplexer/fetcher.h @@ -213,6 +213,8 @@ template <class T> struct HttpTransaction { self->t_.header(self->parser_.buffer_, self->parser_.location_); self->parsingHeaders_ = false; } + // Parsing headers will indirectly read from our reader. Update available accordingly. + available = TSIOBufferReaderAvail(self->in_->reader); } if (!self->parsingHeaders_) { if (self->chunkDecoder_ != NULL) { diff --git a/src/iocore/eventsystem/P_IOBuffer.h b/src/iocore/eventsystem/P_IOBuffer.h index b6fd9eeee9..17513926f5 100644 --- a/src/iocore/eventsystem/P_IOBuffer.h +++ b/src/iocore/eventsystem/P_IOBuffer.h @@ -551,6 +551,7 @@ IOBufferReader::is_read_avail_more_than(int64_t size) TS_INLINE void IOBufferReader::consume(int64_t n) { + ink_assert(read_avail() >= n); start_offset += n; if (size_limit != INT64_MAX) { size_limit -= n;
