From a633338b55b453752a88134299cd93d9a01997d0 Mon Sep 17 00:00:00 2001 From: Christopher Faulet Date: Fri, 4 Aug 2023 10:36:06 +0200 Subject: [PATCH] BUG/MEDIUM: stconn: Fix comparison sign in sc_need_room() sc_need_room() function may be called with a negative value. In this case, the intent is to be notified if any space was made in the channel buffer. In the function, we get the min between the requested room and the maximum possible room in the buffer, considering it may be an HTX buffer. However this max value is unsigned and leads to an unsigned comparison, casting the negative value to an unsigned value. Of course, in this case, this always leads to the wrong result. This bug seems to have no effect but it is hard to be sure. To fix the issue, we take care to respect the requested room sign by casting the max value to a signed integer. This patch must be backported to 2.8. --- include/haproxy/stconn.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/haproxy/stconn.h b/include/haproxy/stconn.h index 8d9ac6650..ac2cbd84e 100644 --- a/include/haproxy/stconn.h +++ b/include/haproxy/stconn.h @@ -457,7 +457,7 @@ static inline void sc_have_room(struct stconn *sc) static inline void sc_need_room(struct stconn *sc, ssize_t room_needed) { sc->flags |= SC_FL_NEED_ROOM; - sc->room_needed = MIN(global.tune.bufsize - global.tune.maxrewrite - sizeof(struct htx), room_needed); + sc->room_needed = MIN((ssize_t)(global.tune.bufsize - global.tune.maxrewrite - sizeof(struct htx)), room_needed); } /* The stream endpoint indicates that it's ready to consume data from the
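Review bot: In sc_need_room(), the new (ssize_t) cast is applied only after `global.tune.bufsize - global.tune.maxrewrite - sizeof(struct htx)` has been evaluated, and since sizeof yields a size_t that subtraction is still carried out unsigned. The cast fixes the comparison inside MIN(), but the signedness of the bound remains implicit in a long one-line expression. Consider computing the bound into a named ssize_t local first and passing that to MIN(), so both operands are visibly signed and a later edit to the expression cannot silently bring back the unsigned comparison. The function also has no comment saying that a negative room_needed is a valid input meaning "notify when any space is made in the channel buffer". That contract currently lives only in the commit message, so a short comment above the function would help the next reader keep the sign handling intact.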