From: Amaury Denoyelle <adenoyelle@haproxy.com>
Date: Mon, 30 May 2022 09:58:06 +0000 (+0200)
Subject: BUG/MINOR: qpack: fix buffer API usage on prefix integer encoding
X-Git-Tag: v2.6.0~37
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5f6de8d77a75d13e95658ba04beb22b24f37e77d;p=thirdparty%2Fhaproxy.git

BUG/MINOR: qpack: fix buffer API usage on prefix integer encoding

Replace bogus call b_data() by b_room() to check if there is enough
space left in the buffer before encoding a prefix integer.

At this moment, no real scenario was found to trigger a bug related to
this change. This is probably because the buffer always contains data
(field section line and status code) before calling
qpack_encode_prefix_integer() which prevents an occurrence of this bug.
---

diff --git a/src/qpack-enc.c b/src/qpack-enc.c
index fca2539f4a..5c4b99f410 100644
--- a/src/qpack-enc.c
+++ b/src/qpack-enc.c
@@ -33,13 +33,13 @@ static int qpack_encode_prefix_integer(struct buffer *out, int i, int prefix_siz
 	BUG_ON(!prefix_size);
 
 	if (i < (1 << prefix_size) - 1) {
-		if (b_data(out) < 1)
+		if (b_room(out) < 1)
 			return 1;
 
 		b_putchr(out, before_prefix | i);
 	}
 	else {
-		if (b_data(out) < 2)
+		if (b_room(out) < 2)
 			return 1;
 
 		b_putchr(out, before_prefix | ((1 << prefix_size) - 1));