BUG/MINOR: h3: fix incorrect BUG_ON assert on SETTINGS parsing

BUG_ON() assertion to check for incomplete SETTINGS frame is incorrect.
It should check if frame length is greater, not smaller, than current
buffer data. Anyway, this BUG_ON() is useless as h3_decode_qcs()
prevents parsing of an incomplete frame, except for H3 DATA. Remove it
to fix this bug.

This bug was introduced in the current dev tree by commit
  commit 62eef85961f4a2a241e0b24ef540cc91f156b842
  MINOR: mux-quic: simplify decode_qcs API
Thus it does not need to be backported.

This fixes crashes which happen with DEBUG_STRICT=2. Most notably, this
is reproducible with clients that emit more than just a SETTINGS frame
on the H3 control stream. It can be reproduced with aioquic for example.
Amaury Denoyelle 2022-06-08 18:21:32 +02:00
parent af936762d0
commit 1cd43aa194


@ -500,9 +500,6 @@ static ssize_t h3_parse_settings_frm(struct h3c *h3c, const struct buffer *buf,
/* Work on a copy of <buf>. */
b = b_make(b_orig(buf), b_size(buf), b_head_ofs(buf), b_data(buf));
/* TODO handle incomplete SETTINGS frame */
BUG_ON(len < b_data(&b));
while (b_data(&b)) {
if (!b_quic_dec_int(&id, &b, &ret) || !b_quic_dec_int(&value, &b, &ret)) {
h3c->err = H3_FRAME_ERROR;
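Review bot: With the assertion gone, nothing in the visible lines ties the parse loop to the frame length. The copy is still built with `b_data(buf)` as its data size and the loop runs `while (b_data(&b))`, so `len` is no longer consulted here. The commit message says the crash shows up when the client sends more than just a SETTINGS frame on the control stream, which is the case where the buffer holds bytes beyond `len`. In that case the loop would keep decoding id/value pairs from whatever follows the SETTINGS frame. Consider bounding the work by the frame length, for example by passing `len` instead of `b_data(buf)` as the last argument of `b_make()`, or by stopping once `len` bytes have been consumed. Separately, the `/* TODO handle incomplete SETTINGS frame */` comment is kept although the message states that h3_decode_qcs() already prevents parsing an incomplete frame; drop it or reword it to record that guarantee so the next reader does not reintroduce a check here.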