From: Christopher Faulet Date: Tue, 26 May 2026 16:15:25 +0000 (+0200) Subject: BUG/MINOR: mux-spop: Use relative offset to compute contig data in demux buf X-Git-Tag: v3.4-dev14~2 X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=010ab9798e506cdf3708869b3fa4a66e32a35909;p=thirdparty%2Fhaproxy.git BUG/MINOR: mux-spop: Use relative offset to compute contig data in demux buf b_contig_data() should be called with a head-relative offset (0 for the beginning of readable data). However, in the SPOP multiplexer, to get contiguous data available in the demux buffer, it is called with b_head_ofs(dbuf) which returns an absolute buffer position (b->head). So b->head is counted twice. Because of this bug, the demux buffer could be realigned while it should not and conversely. Instead, the offset 0 must be used. So let's fix it. This patch must be backported as far as 3.2. --- diff --git a/src/mux_spop.c b/src/mux_spop.c index c3ca4ac7d..380384ed1 100644 --- a/src/mux_spop.c +++ b/src/mux_spop.c @@ -1652,7 +1652,7 @@ static int spop_conn_handle_hello(struct spop_conn *spop_conn) return 0; } - if (unlikely(b_contig_data(dbuf, b_head_ofs(dbuf)) < spop_conn->dfl)) { + if (unlikely(b_contig_data(dbuf, 0) < spop_conn->dfl)) { /* Realign the dmux buffer if the frame wraps. It is unexpected * at this stage because it should be the first record received * from the FCGI application. @@ -1824,7 +1824,7 @@ static int spop_conn_handle_disconnect(struct spop_conn *spop_conn) return 0; } - if (unlikely(b_contig_data(dbuf, b_head_ofs(dbuf)) < spop_conn->dfl)) { + if (unlikely(b_contig_data(dbuf, 0) < spop_conn->dfl)) { /* Realign the dmux buffer if the frame wraps. It is unexpected * at this stage because it should be the first record received * from the FCGI application. @@ -1936,7 +1936,7 @@ static int spop_conn_handle_ack(struct spop_conn *spop_conn, struct spop_strm *s return 0; } - if (unlikely(b_contig_data(dbuf, b_head_ofs(dbuf)) < spop_conn->dfl)) { + if (unlikely(b_contig_data(dbuf, 0) < spop_conn->dfl)) { /* Realign the dmux buffer if the frame wraps. It is unexpected * at this stage because it should be the first record received * from the FCGI application.