Unhide security fix to QuicStreamSequencerBuffer added in cl/626072759.
To Envoy QUICHE merger: remove bazel/external/quiche_sequencer_fix.patch once this change is merged.
PiperOrigin-RevId: 653683878
diff --git a/quiche/quic/core/quic_stream_sequencer_buffer.cc b/quiche/quic/core/quic_stream_sequencer_buffer.cc
index 496055f..b4878bf 100644
--- a/quiche/quic/core/quic_stream_sequencer_buffer.cc
+++ b/quiche/quic/core/quic_stream_sequencer_buffer.cc
@@ -389,7 +389,11 @@
// Determine if entire block has been received.
size_t end_block_idx = GetBlockIndex(FirstMissingByte());
- if (block_idx == end_block_idx) {
+ if (block_idx == end_block_idx &&
+ block_offset < GetInBlockOffset(FirstMissingByte())) {
+ // If these 2 indexes point to the same block and the fist missing byte
+ // offset is larger than the starting offset, this means data available
+ // hasn't expanded to the next block yet.
// Only read part of block before FirstMissingByte().
iov->iov_len = GetInBlockOffset(FirstMissingByte()) - block_offset;
} else {
@@ -397,6 +401,9 @@
iov->iov_len = GetBlockCapacity(block_idx) - block_offset;
}
+ QUIC_BUG_IF(quic_invalid_peek_region, iov->iov_len > kBlockSizeBytes)
+ << "PeekRegion() at " << offset << " gets bad iov with length "
+ << iov->iov_len;
return true;
}
