This is an automated email from the ASF dual-hosted git repository.

cmcfarlen pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/trafficserver.git

commit 34a56b44f5ca38e5a04d334cc23e4f95dff6605d
Author: Brian Neradt <[email protected]>
AuthorDate: Wed Aug 7 11:51:58 2024 -0500

    multiplexer: fix consume of too many bytes (#11499)
    
    IOBufferReader::consume contractually assumes that all callers of it
    will not consume more bytes than read_avail for the buffer chain. This
    adds a debug assertion for this and fixes multiplexer so that it doesn't
    violate this invariant.
    
    (cherry picked from commit 6774984a3f71f7473092d1af7ba99a004e8890d9)
---
 plugins/multiplexer/fetcher.h       | 2 ++
 src/iocore/eventsystem/P_IOBuffer.h | 1 +
 2 files changed, 3 insertions(+)

diff --git a/plugins/multiplexer/fetcher.h b/plugins/multiplexer/fetcher.h
index a1a249187c..6a51928b2d 100644
--- a/plugins/multiplexer/fetcher.h
+++ b/plugins/multiplexer/fetcher.h
@@ -213,6 +213,8 @@ template <class T> struct HttpTransaction {
             self->t_.header(self->parser_.buffer_, self->parser_.location_);
             self->parsingHeaders_ = false;
           }
+          // Parsing headers will indirectly read from our reader. Update 
available accordingly.
+          available = TSIOBufferReaderAvail(self->in_->reader);
         }
         if (!self->parsingHeaders_) {
           if (self->chunkDecoder_ != NULL) {
diff --git a/src/iocore/eventsystem/P_IOBuffer.h 
b/src/iocore/eventsystem/P_IOBuffer.h
index b6fd9eeee9..17513926f5 100644
--- a/src/iocore/eventsystem/P_IOBuffer.h
+++ b/src/iocore/eventsystem/P_IOBuffer.h
@@ -551,6 +551,7 @@ IOBufferReader::is_read_avail_more_than(int64_t size)
 TS_INLINE void
 IOBufferReader::consume(int64_t n)
 {
+  ink_assert(read_avail() >= n);
   start_offset += n;
   if (size_limit != INT64_MAX) {
     size_limit -= n;

Reply via email to