You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@trafficserver.apache.org by bc...@apache.org on 2015/04/14 21:36:44 UTC

[2/2] trafficserver git commit: TS-3513: HTTP/2 core dump - Fixed problem with cursor not advancing during parsing

TS-3513: HTTP/2 core dump - Fixed problem with cursor not advancing during
parsing


Project: http://git-wip-us.apache.org/repos/asf/trafficserver/repo
Commit: http://git-wip-us.apache.org/repos/asf/trafficserver/commit/c51da933
Tree: http://git-wip-us.apache.org/repos/asf/trafficserver/tree/c51da933
Diff: http://git-wip-us.apache.org/repos/asf/trafficserver/diff/c51da933

Branch: refs/heads/master
Commit: c51da9331edac862b623c94588b2237830eb4db6
Parents: c200983
Author: Bryan Call <bc...@apache.org>
Authored: Mon Apr 13 17:03:23 2015 -0500
Committer: Bryan Call <bc...@apache.org>
Committed: Tue Apr 14 14:36:34 2015 -0500

----------------------------------------------------------------------
 proxy/http2/HPACK.cc | 2 +-
 proxy/http2/HTTP2.cc | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/trafficserver/blob/c51da933/proxy/http2/HPACK.cc
----------------------------------------------------------------------
diff --git a/proxy/http2/HPACK.cc b/proxy/http2/HPACK.cc
index f12d7e4..4dd4eb0 100644
--- a/proxy/http2/HPACK.cc
+++ b/proxy/http2/HPACK.cc
@@ -534,7 +534,7 @@ decode_string(Arena &arena, char **str, uint32_t &str_length, const uint8_t *buf
     return HPACK_ERROR_COMPRESSION_ERROR;
   p += len;
 
-  if (encoded_string_len > HEADER_FIELD_LIMIT_LENGTH || buf_start + encoded_string_len >= buf_end) {
+  if (encoded_string_len > HEADER_FIELD_LIMIT_LENGTH || (p + encoded_string_len) > buf_end) {
     return HPACK_ERROR_COMPRESSION_ERROR;
   }
 

http://git-wip-us.apache.org/repos/asf/trafficserver/blob/c51da933/proxy/http2/HTTP2.cc
----------------------------------------------------------------------
diff --git a/proxy/http2/HTTP2.cc b/proxy/http2/HTTP2.cc
index f971938..6a8b290 100644
--- a/proxy/http2/HTTP2.cc
+++ b/proxy/http2/HTTP2.cc
@@ -629,10 +629,10 @@ http2_write_header_fragment(HTTPHdr *in, MIMEFieldIter &field_iter, uint8_t *out
 int64_t
 http2_parse_header_fragment(HTTPHdr *hdr, IOVec iov, Http2DynamicTable &dynamic_table, bool cont)
 {
-  uint8_t *buf_start = (uint8_t *)iov.iov_base;
-  uint8_t *buf_end = (uint8_t *)iov.iov_base + iov.iov_len;
+  const uint8_t *buf_start = (uint8_t *)iov.iov_base;
+  const uint8_t *buf_end = buf_start + iov.iov_len;
 
-  uint8_t *cursor = buf_start;
+  uint8_t *cursor = (uint8_t *)iov.iov_base; // place the cursor at the start
   HdrHeap *heap = hdr->m_heap;
   HTTPHdrImpl *hh = hdr->m_http;