Make some assertions nonfatal to help prevent bug23690 recurrence.
authorNick Mathewson <nickm@torproject.org>
Fri, 29 Sep 2017 14:05:35 +0000 (10:05 -0400)
committerNick Mathewson <nickm@torproject.org>
Fri, 29 Sep 2017 14:29:33 +0000 (10:29 -0400)
changes/bug23690_additional_032 [new file with mode: 0644]
src/common/buffers.c
src/common/buffers_tls.c

diff --git a/changes/bug23690_additional_032 b/changes/bug23690_additional_032
new file mode 100644 (file)
index 0000000..218917d
--- /dev/null
@@ -0,0 +1,4 @@
+  o Minor features (robustness):
+    - Change several fatal assertions when flushing buffers into
+      non-fatal assertions, to prevent any recurrence of 23690.
+
index e9e44878321734462c5dd98313bb95f43477cb70..c45e13d55109d013d7abd7255c51d88f1339c614 100644 (file)
@@ -648,8 +648,12 @@ buf_flush_to_socket(buf_t *buf, tor_socket_t s, size_t sz,
   size_t flushed = 0;
   tor_assert(buf_flushlen);
   tor_assert(SOCKET_OK(s));
-  tor_assert(*buf_flushlen <= buf->datalen);
-  tor_assert(sz <= *buf_flushlen);
+  if (BUG(*buf_flushlen > buf->datalen)) {
+    *buf_flushlen = buf->datalen;
+  }
+  if (BUG(sz > *buf_flushlen)) {
+    sz = *buf_flushlen;
+  }
 
   check();
   while (sz) {
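Review bot: Both clamps in buf_flush_to_socket overwrite the out-of-range value without recording it, so a recurrence would leave only the BUG() warning, which as far as I can tell reports the failed expression rather than the two lengths that disagreed. Logging them inside the first branch, before the assignment, would make the upstream accounting error diagnosable, e.g. `log_warn(LD_BUG, "flushlen %lu > datalen %lu", (unsigned long)*buf_flushlen, (unsigned long)buf->datalen);`, assuming the logging macros are in scope in this file. The same applies to the `sz` clamp here and to the identical pair added in buf_flush_to_tls. The function body continues outside the hunk.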
index 8dbd4bcc8eea219458ee033c7484a877bf74fee9..041f78b818602841ea179e9c241396b69e3a88f4 100644 (file)
@@ -142,8 +142,12 @@ buf_flush_to_tls(buf_t *buf, tor_tls_t *tls, size_t flushlen,
   size_t flushed = 0;
   ssize_t sz;
   tor_assert(buf_flushlen);
-  tor_assert(*buf_flushlen <= buf->datalen);
-  tor_assert(flushlen <= *buf_flushlen);
+  if (BUG(*buf_flushlen > buf->datalen)) {
+    *buf_flushlen = buf->datalen;
+  }
+  if (BUG(flushlen > *buf_flushlen)) {
+    flushlen = *buf_flushlen;
+  }
   sz = (ssize_t) flushlen;
 
   /* we want to let tls write even if flushlen is zero, because it might
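Review bot: The cast `sz = (ssize_t) flushlen;` directly after the new clamps now relies on `buf->datalen` as its only upper bound, and nothing in this hunk shows that datalen stays within the range of ssize_t. If that bound is enforced elsewhere, a comment above the cast would record it, e.g. `/* flushlen <= buf->datalen here; datalen is assumed to fit in ssize_t */`. If it is not enforced, a third non-fatal check on flushlen before the cast would keep a corrupted length from turning into a negative `sz`. The function body starts and ends outside the hunk, so how `sz` is consumed is not visible here.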