MINOR: quic: fix handling of out-of-order received STREAM frames

The recent changes was not complete.
  d1c76f24fdf1cfb85e574cb1ef0c773b74bee32a
  MINOR: quic: do not modify offset node if quic_rx_strm_frm in tree

The frame length and data pointer should incremented after the data
copy. A BUG_ON statement has been added to detect an incorrect decrement
operaiton.

diff --git a/src/xprt_quic.c b/src/xprt_quic.c
index b05250973821e8c4625d85dc9649af3ccb719d5e..cefa4c6902103d447a340208ce7dd12a62928bd8 100644 (file)
--- a/src/xprt_quic.c
+++ b/src/xprt_quic.c
@@ -2011,12 +2011,15 @@ static size_t qc_treat_rx_strm_frms(struct qcs *qcs)
                ret = qc_rx_strm_frm_cpy(&qcs->rx.buf, frm);
                qcs->rx.offset += ret;
                total += ret;
-               if (frm->len) {
-                       /* If there is remaining data in this frame
-                        * this is because the destination buffer is full.
+
+               BUG_ON(frm->len < ret);
+               if (frm->len - ret > 0) {
+                       /* Remove the frame from the tree before updating the
+                        * offset field.
                         */
                        eb64_delete(&frm->offset_node);
                        frm->offset_node.key += ret;
+                       frm->data += ret;
                        frm->len -= ret;
                        eb64_insert(&qcs->rx.frms, &frm->offset_node);
                        break;