From 5966e4064156a10bca3a3051eb0a19b40c1ad0ed Mon Sep 17 00:00:00 2001 From: Christopher Faulet Date: Fri, 8 Jul 2022 09:02:59 +0200 Subject: [PATCH] BUG/MINOR: mux-h1: Be sure to commit htx changes in the demux buffer When a buffer area is casted to an htx message, depending on the method used, the underlying buffer may be updated or not. The htxbuf() function does not change the buffer state. We assume the buffer was already prepared to store an htx message. htx_from_buf() on its side, updates the buffer. With the first function, we only need to commit changes to the underlying buffer if the htx message is changed. With last one, we must always commit the changes. The idea is to be sure to keep non-empty HTX messages while an empty message must be lead to an empty buffer after commit. All that said because in h1_process_demux(), the changes is not always committed as expected. When the demux is blocked, we just leave the function. So it is possible to have an empty htx message stored in a buffer that appears non-empty. It is not critical, but the buffer cannot be released in this state. And we should always release an empty buffer. This patch must be backported as far as 2.4. --- src/mux_h1.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/mux_h1.c b/src/mux_h1.c index 929867b00..cd4dc39d5 100644 --- a/src/mux_h1.c +++ b/src/mux_h1.c @@ -1864,7 +1864,6 @@ static size_t h1_process_demux(struct h1c *h1c, struct buffer *buf, size_t count b_del(&h1c->ibuf, total); - htx_to_buf(htx, buf); TRACE_DEVEL("incoming data parsed", H1_EV_RX_DATA, h1c->conn, h1s, htx, (size_t[]){ret}); ret = htx->data - data; @@ -1964,6 +1963,7 @@ static size_t h1_process_demux(struct h1c *h1c, struct buffer *buf, size_t count } end: + htx_to_buf(htx, buf); TRACE_LEAVE(H1_EV_RX_DATA, h1c->conn, h1s, htx, (size_t[]){ret}); return ret;