From e586458ec0c22c6a1f26b2d4dd98fec1f07fabc1 Mon Sep 17 00:00:00 2001 From: Amaury Denoyelle Date: Thu, 7 May 2026 10:28:51 +0200 Subject: [PATCH] BUG/MINOR: mux_quic: fix max stream ID reuse estimation The following patch adjusts QUIC mux avail_streams() to ensure maximum stream ID is never exceeded. commit 143d0034c912f1490812b6302f0dffb37f3ec02d BUG/MINOR: mux_quic: limit avail_streams() to 2^62 However, the calcul is incorrect, as member value is set to the next ID available, not the last one in use. Also, when the last stream is closed, it will be greater than QCS_ID_MAX_STRM_CL_BIDI, resulting in a substraction wrapping. Fix this by using the simplest approach. Return value of avail_streams() is only reduced if either the maximum stream ID limit is already exceeded, or there is only a single stream still usable. In other cases, return value is left as is. Note that this bug is unlikely to have any impact as the maximum stream ID is a very large value. This should be backported up to 3.3. --- src/mux_quic.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/mux_quic.c b/src/mux_quic.c index ce27cc728..234762362 100644 --- a/src/mux_quic.c +++ b/src/mux_quic.c @@ -3287,9 +3287,11 @@ static int qmux_avail_streams(struct connection *conn) ret = MIN(ret, max_reuse); } - /* Ensure we do not exceed the maximum usable stream ID. */ - if (unlikely(ret > QCS_ID_MAX_STRM_CL_BIDI - qcc->next_bidi_l)) - ret = QCS_ID_MAX_STRM_CL_BIDI - qcc->next_bidi_l; + /* Do not exceed maximum usable stream ID. To simplify the calcul, + * limit is only applied when one or zero stream remains. + */ + if (ret && unlikely(qcc->next_bidi_l >= QCS_ID_MAX_STRM_CL_BIDI)) + ret = qcc->next_bidi_l == QCS_ID_MAX_STRM_CL_BIDI ? 1 : 0; return ret; }