On 31/03/2017 at 14:26, Willy Tarreau wrote:
On Fri, Mar 31, 2017 at 11:29:43AM +0200, Christopher Faulet wrote:
Willy,

I tagged this patch as a bug. But I haven't found a way to hit it for now. It
can be backported or not, as you wish.

Thanks Christopher. I don't know either how to trigger it since the only
problematic case I've found is the one where input wraps, which doesn't
happen when we're processing data. However I agree that leaving such a bug
behind us is scary and a future fix might rely on this to work correctly
so I'd rather backport the fix anyway.

I checked your solution and for me it works fine in all situations. By
the way, just FYI, there aren't 3 cases to consider for a buffer, but at
least 5 ; here are the additional 2 ones (that your patch properly handles) :
  - input may not wrap but end exactly at the end of the buffer, making
    buf->p+buf->i == buf->data+buf->size, but bi_end() == buf->data. This
    is a common error case when computing input lengths.

  - the output data may end at the end of the buffer and the input be placed
    at the beginning, causing buf->p to equal buf->data. Similarly it's a
    common error case when computing output data length.

These situations cause trouble when not using the proper arithmetics. Either
all the computations are made without wrapping, or all are made with wrapping.
Any mix of the two causes issues.


Yes, of course. I implicitly considered them as special cases of the wrapping ones. From the moment you use pointers (bi_ptr/bi_end and bo_ptr/bo_end), it is easier. But, it never hurts to mention it :)

Thanks
--
Christopher Faulet
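
The two boundary layouts described in the quoted message, as an added example that is not part of the thread and is not HAProxy's code. It uses a simplified 16-byte model of the buffer: the field names p, i, o, size and data follow the message, while struct rbuf, in_end, out_start, layout and the _mixed/_contig helpers are hypothetical names chosen for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#define SIZE 16

/* Simplified model (assumption): o output bytes end at p, i input bytes start at p. */
struct rbuf { char *p; unsigned int size, i, o; char data[SIZE]; };

/* Wrapped end of input, the role bi_end() plays in the thread. */
static char *in_end(struct rbuf *b)
{
    size_t off = (size_t)(b->p - b->data) + b->i;
    return b->data + (off >= b->size ? off - b->size : off);
}
/* Wrapped start of output, the role bo_ptr() plays in the thread. */
static char *out_start(struct rbuf *b)
{
    size_t off = (size_t)(b->p - b->data);
    return b->data + (off < b->o ? off + b->size - b->o : off - b->o);
}

/* Mixed arithmetic: a wrapped pointer subtracted from or by an unwrapped one. */
static ptrdiff_t in_len_mixed(struct rbuf *b)  { return in_end(b) - b->p; }
static ptrdiff_t out_len_mixed(struct rbuf *b) { return b->p - out_start(b); }

/* Consistent wrapped arithmetic: contiguous bytes at p and at out_start. */
static ptrdiff_t in_len_contig(struct rbuf *b)
{
    char *e = in_end(b);
    if (e > b->p) return e - b->p;
    return b->i ? b->data + b->size - b->p : 0;   /* e wrapped to or before p */
}
static ptrdiff_t out_len_contig(struct rbuf *b)
{
    char *s = out_start(b);
    if (s < b->p) return b->p - s;
    return b->o ? b->data + b->size - s : 0;      /* s wrapped to or after p */
}
/* Constructed layout: p at data + off, with i input bytes and o output bytes. */
static void layout(struct rbuf *b, unsigned int off, unsigned int i, unsigned int o)
{ b->size = SIZE; b->p = b->data + off; b->i = i; b->o = o; }

int main(void)
{
    struct rbuf b;
    layout(&b, 12, 4, 0);  /* input ends exactly at data + size */
    printf("input:  mixed=%td contig=%td\n", in_len_mixed(&b), in_len_contig(&b));
    layout(&b, 0, 4, 4);   /* output ends at data + size, so p == data */
    printf("output: mixed=%td contig=%td\n", out_len_mixed(&b), out_len_contig(&b));
}
```

In both layouts the region is 4 bytes long and does not wrap, yet the mixed computation yields -12 because one of its two pointers has already been folded back to the other end of the buffer.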
