From: Amos Jeffries <squid3@treenet.co.nz>
Date: Thu, 29 Oct 2009 07:39:15 +0000 (+1300)
Subject: Author: Alex Rousskov <rousskov@measurement-factory.com>
X-Git-Tag: SQUID_3_1_0_15~56
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d5bf93050b2b2652e241edc87d17b3160e72c3b0;p=thirdparty%2Fsquid.git

Author: Alex Rousskov <rousskov@measurement-factory.com>
Bug 2791: assertion failed: MemBuf.cc:400: new_cap > (size_t) capacity

Limit input buffer reads to the avilable space.
---

diff --git a/src/Server.cc b/src/Server.cc
index 44c53caac5..5f00e52295 100644
--- a/src/Server.cc
+++ b/src/Server.cc
@@ -832,8 +832,15 @@ ServerStateData::storeReplyBody(const char *data, ssize_t len)
     currentOffset += len;
 }
 
-size_t ServerStateData::replyBodySpace(size_t space)
+size_t ServerStateData::replyBodySpace(const MemBuf &readBuf,
+                                       const size_t minSpace) const
 {
+    size_t space = readBuf.spaceSize(); // available space w/o heroic measures
+    if (space < minSpace) {
+        const size_t maxSpace = readBuf.potentialSpaceSize(); // absolute best
+        space = min(minSpace, maxSpace); // do not promise more than asked
+    }
+
 #if USE_ADAPTATION
     if (responseBodyBuffer) {
         return 0;	// Stop reading if already overflowed waiting for ICAP to catch up
diff --git a/src/Server.h b/src/Server.h
index 611f0c0930..cf6516ca14 100644
--- a/src/Server.h
+++ b/src/Server.h
@@ -167,7 +167,7 @@ protected:
     void adaptOrFinalizeReply();
     void addVirginReplyBody(const char *buf, ssize_t len);
     void storeReplyBody(const char *buf, ssize_t len);
-    size_t replyBodySpace(size_t space = 4096 * 10);
+    size_t replyBodySpace(const MemBuf &readBuf, const size_t minSpace) const;
 
     // These should be private
     int64_t currentOffset;	/**< Our current offset in the StoreEntry */
diff --git a/src/ftp.cc b/src/ftp.cc
index eacd38004f..8541d7ab4c 100644
--- a/src/ftp.cc
+++ b/src/ftp.cc
@@ -1299,7 +1299,7 @@ FtpStateData::maybeReadVirginBody()
     if (data.read_pending)
         return;
 
-    int read_sz = replyBodySpace(data.readBuf->spaceSize());
+    const int read_sz = replyBodySpace(*data.readBuf, 0);
 
     debugs(11,9, HERE << "FTP may read up to " << read_sz << " bytes");
 
diff --git a/src/http.cc b/src/http.cc
index 98f26cfb22..d1fbe8bd1b 100644
--- a/src/http.cc
+++ b/src/http.cc
@@ -1347,7 +1347,9 @@ HttpStateData::processReplyBody()
 void
 HttpStateData::maybeReadVirginBody()
 {
-    int read_sz = replyBodySpace(readBuf->spaceSize());
+    // we may need to grow the buffer if headers do not fit
+    const int minRead = flags.headers_parsed ? 0 :1024;
+    const int read_sz = replyBodySpace(*readBuf, minRead);
 
     debugs(11,9, HERE << (flags.do_next_read ? "may" : "wont") <<
            " read up to " << read_sz << " bytes from FD " << fd);
@@ -1360,12 +1362,8 @@ HttpStateData::maybeReadVirginBody()
      * handler until we get a notification from someone that
      * its okay to read again.
      */
-    if (read_sz < 2) {
-        if (flags.headers_parsed)
-            return;
-        else
-            read_sz = 1024;
-    }
+    if (read_sz < 2)
+        return;
 
     if (flags.do_next_read) {
         flags.do_next_read = 0;