From 4e925ca2600ad2c28e4799b47aafb9787ddde35f Mon Sep 17 00:00:00 2001
From: Victor Julien <victor@inliniac.net>
Date: Wed, 21 Oct 2020 20:22:50 +0200
Subject: [PATCH] stream: harden data size handling

Handle edge cases around ACKs and last_ack getting below
'app_progress', which can happen during shutdown of a flow
with multiple GAPs.
---
 src/stream-tcp-reassemble.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/stream-tcp-reassemble.c b/src/stream-tcp-reassemble.c
index 006d908455..6b3ace4f17 100644
--- a/src/stream-tcp-reassemble.c
+++ b/src/stream-tcp-reassemble.c
@@ -1057,9 +1057,10 @@ static inline uint32_t AdjustToAcked(const Packet *p,
                 /* get max absolute offset */
                 last_ack_abs += delta;
             }
+            DEBUG_VALIDATE_BUG_ON(app_progress > last_ack_abs);
 
             /* see if the buffer contains unack'd data as well */
-            if (app_progress + data_len > last_ack_abs) {
+            if (app_progress <= last_ack_abs && app_progress + data_len > last_ack_abs) {
                 uint32_t check = data_len;
                 adjusted = last_ack_abs - app_progress;
                 BUG_ON(adjusted > check);
-- 
2.47.2