BUG/MEDIUM: stconn: Fix comparison sign in sc_need_room()

sc_need_room() function may be called with a negative value. In this case,
the intent is to be notified if any space was made in the channel buffer. In
the function, we get the min between the requested room and the maximum
possible room in the buffer, considering it may be an HTX buffer.

However this max value is unsigned and leads to an unsigned comparison,
casting the negative value to an unsigned value. Of course, in this case,
this always leads to the wrong result. This bug seems to have no effect but
it is hard to be sure.

To fix the issue, we take care to respect the requested room sign by casting
the max value to a signed integer.

This patch must be backported to 2.8.

diff --git a/include/haproxy/stconn.h b/include/haproxy/stconn.h
index 8d9ac665060d418335e61c24ea1729fdcb7ceef8..ac2cbd84eaa975f8501e7a1c7d73fea4ab3268a4 100644 (file)
--- a/include/haproxy/stconn.h
+++ b/include/haproxy/stconn.h
@@ -457,7 +457,7 @@ static inline void sc_have_room(struct stconn *sc)
 static inline void sc_need_room(struct stconn *sc, ssize_t room_needed)
 {
        sc->flags |= SC_FL_NEED_ROOM;
-       sc->room_needed = MIN(global.tune.bufsize - global.tune.maxrewrite - sizeof(struct htx), room_needed);
+       sc->room_needed = MIN((ssize_t)(global.tune.bufsize - global.tune.maxrewrite - sizeof(struct htx)), room_needed);
 }
 
 /* The stream endpoint indicates that it's ready to consume data from the