From: Amaury Denoyelle Date: Mon, 21 Feb 2022 18:08:44 +0000 (+0100) Subject: MINOR: quic: fix handling of out-of-order received STREAM frames X-Git-Tag: v2.6-dev2~97 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=43235676507c9cb651e5d3b8bcd757858c37e1b6;p=thirdparty%2Fhaproxy.git MINOR: quic: fix handling of out-of-order received STREAM frames The recent changes was not complete. d1c76f24fdf1cfb85e574cb1ef0c773b74bee32a MINOR: quic: do not modify offset node if quic_rx_strm_frm in tree The frame length and data pointer should incremented after the data copy. A BUG_ON statement has been added to detect an incorrect decrement operaiton.
---
diff --git a/src/xprt_quic.c b/src/xprt_quic.c
index b052509738..cefa4c6902 100644
--- a/src/xprt_quic.c
+++ b/src/xprt_quic.c
@@ -2011,12 +2011,15 @@ static size_t qc_treat_rx_strm_frms(struct qcs *qcs)
 ret = qc_rx_strm_frm_cpy(&qcs->rx.buf, frm);
 qcs->rx.offset += ret;
 total += ret;
- if (frm->len) {
- /* If there is remaining data in this frame
- * this is because the destination buffer is full.
+
+ BUG_ON(frm->len < ret);
+ if (frm->len - ret > 0) {
+ /* Remove the frame from the tree before updating the
+ * offset field.
 */
 eb64_delete(&frm->offset_node);
 frm->offset_node.key += ret;
+ frm->data += ret;
 frm->len -= ret;
 eb64_insert(&qcs->rx.frms, &frm->offset_node);
 break;
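Review bot: The new test `if (frm->len - ret > 0)` is only correct because of the `BUG_ON(frm->len < ret)` placed before it. If both operands are unsigned (their types are not visible in this hunk), the subtraction wraps when `ret` exceeds `frm->len`, so in a build where BUG_ON is compiled out the branch would move `frm->data` and the tree key past the end of the frame. Writing the condition as `if (frm->len > ret)` states the same intent without depending on the assertion. These lengths come from STREAM frames sent by a peer, and qc_rx_strm_frm_cpy is outside the hunk, so it cannot be confirmed here that it never returns more than `frm->len`; a short comment on the BUG_ON stating that guarantee would help. The enclosing loop of qc_treat_rx_strm_frms starts and ends outside the hunk.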