From: Willy Tarreau Date: Thu, 6 Dec 2018 13:07:27 +0000 (+0100) Subject: BUG/MEDIUM: mux-h2: use the correct offset for the HTX start line X-Git-Tag: v1.9-dev10~34 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8e162ee1f9208c87b0f0757f26dc2c53a5371ec4;p=thirdparty%2Fhaproxy.git BUG/MEDIUM: mux-h2: use the correct offset for the HTX start line Due to a thinko, I used sl_off as the start line index number but it's not it, it's its offset. The first index is obtained using htx_get_head(), and the start line is obtained using htx_get_sline(). This caused crashes to happen when forwarding HTX traffic via the H2 mux once the HTX buffer started to wrap. No backport is needed. --- diff --git a/src/mux_h2.c b/src/mux_h2.c index e94ec67e55..0eb5fd21b8 100644 --- a/src/mux_h2.c +++ b/src/mux_h2.c @@ -3821,14 +3821,13 @@ static size_t h2s_htx_frt_make_resp_headers(struct h2s *h2s, struct htx *htx) } /* get the start line, we do have one */ - blk = htx_get_blk(htx, htx->sl_off); - sl = htx_get_blk_ptr(htx, blk); + sl = htx_get_stline(htx); h2s->status = sl->info.res.status; /* and the rest of the headers, that we dump starting at header 0 */ hdr = 0; - idx = htx->sl_off; + idx = htx_get_head(htx); // returns the SL that we skip while ((idx = htx_get_next(htx, idx)) != -1) { blk = htx_get_blk(htx, idx); type = htx_get_blk_type(blk); @@ -4047,15 +4046,14 @@ static size_t h2s_htx_bck_make_req_headers(struct h2s *h2s, struct htx *htx) } /* get the start line, we do have one */ - blk = htx_get_blk(htx, htx->sl_off); - sl = htx_get_blk_ptr(htx, blk); + sl = htx_get_stline(htx); meth = htx_sl_req_meth(sl); path = htx_sl_req_uri(sl); /* and the rest of the headers, that we dump starting at header 0 */ hdr = 0; - idx = htx->sl_off; + idx = htx_get_head(htx); // returns the SL that we skip while ((idx = htx_get_next(htx, idx)) != -1) { blk = htx_get_blk(htx, idx); type = htx_get_blk_type(blk);