BUG/MINOR: qpack: fix sign bit mask in qpack_decode_fs_pfx()

The sign bit of the Delta Base integer encoding was extracted using
mask 0x8 (bit 3) instead of 0x80 (bit 7). This was likely a copy-paste
error from other QPACK instructions using 3-bit varints.

According to RFC 9204 Section 5.2.1, for prefix instructions, the sign
bit 'S' is the most significant bit (bit 7) of the first byte, followed
by a 7-bit varint.

This fix is harmless for current HTTP/3 traffic: per RFC 9204, the Delta
Base calculation is strictly used for dynamic table entry references.
Since HAProxy's QPACK dynamic table is currently disabled and the extracted
sign bit is not yet used in the decoding logic (only in debug prints),
this code path has no impact on production for now.

Must be backported to all versions.

diff --git a/src/qpack-dec.c b/src/qpack-dec.c
index 886a7f34b545b4fa0c75ecaa0625d12d6011e413..06642b5ea09519185132b3f7287ee684c47c1121 100644 (file)
--- a/src/qpack-dec.c
+++ b/src/qpack-dec.c
@@ -239,7 +239,7 @@ static int qpack_decode_fs_pfx(uint64_t *enc_ric, uint64_t *db, int *sign_bit,
                return -QPACK_RET_TRUNCATED;
 
        /* Safe access to the sign bit thanks to the check above */
-       *sign_bit = **raw & 0x8;
+       *sign_bit = **raw & 0x80;
        *db = qpack_get_varint(raw, len, 7);
        if (*len == (uint64_t)-1)
                return -QPACK_RET_DB;