commit | 95bf501ea7268742d89c31e015ac123968655c7d | [log] [tgz] |
---|---|---|
author | bnc <bnc@google.com> | Wed Jun 19 07:53:29 2019 -0700 |
committer | Copybara-Service <copybara-worker@google.com> | Wed Jun 19 08:06:05 2019 -0700 |
tree | 63e51abfb8678dad42d0e6c807f30fdd3dd752f0 | |
parent | 1eab645ae836284e2bd1ef82a79cc3fc933d9e0c [diff] |
Fix QuicStreamSequencerBuffer::PrefetchNextRegion() behavior after Clear().

If some data are prefetched then QuicStreamSequencerBuffer::Clear() is called, then QuicStreamSequencerBuffer::FirstByteMissing() will take the value of |total_bytes_read_|, which can be less than |total_bytes_prefetched_|. In this case, QuicStreamSequencerBuffer::PrefetchNextRegion() used to return true, but really ought to return false. This CL fixes that.

This CL addresses the root cause of the fuzzer-found ASAN crash at https://crbug.com/969391. It is complementary to cr/253592180, which addresses the stream level behavior. Either CL would be enough to make that particular crash go away, but they are both necessary as they fix different bugs.

gfe-relnote: Change in code only meant for QUIC v99, not flag protected. We believe this change does not need flag protection, because it only affects |total_bytes_prefetched_|, which is only read in QuicStreamSequencerBuffer::PrefetchNextRegion(), which is only called (other than tests) in QuicStreamSequencer::PrefetchNextRegion(), which is only called in three places: QuicSpdyStream::OnDataAvailable() but only when using v99, QuicReceiveControlStream::OnDataAvailable() which is not currently wired up but will be v99-only anyway, and //depot/google3/vr/c9/playability/yperf/message_stream.cc in a galaxy far-far away. Therefore this change should not affect production GFE.

PiperOrigin-RevId: 253995330
Change-Id: I40b92da16dcf6ec1bdeda9de9ddeeb49ff3542f4
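The state the commit message describes, as an added C++ model that is not QUICHE's code: a toy buffer keeps total_bytes_read_ and total_bytes_prefetched_ as plain fields, and its PrefetchNextRegion() treats a prefetch marker that sits at or beyond FirstByteMissing() as "nothing to prefetch", so the post-Clear() case returns false. The ToySequencerBuffer class, the in-order-only data path and the `>=` guard are assumptions made here; the page does not show the upstream diff.

```cpp
#include <cstdint>
#include <string>

// Simplified model of the prefetch bookkeeping described in the commit message.
// Added illustration only; it is not QUICHE's QuicStreamSequencerBuffer, and the
// exact form of the upstream fix is not shown on this page.
class ToySequencerBuffer {
 public:
  // Bytes arrive in order (the real buffer also handles gaps and wraparound).
  void OnStreamData(const std::string& data) { buffered_ += data; }

  // Stream offset of the first byte not yet received contiguously.
  uint64_t FirstByteMissing() const { return total_bytes_read_ + buffered_.size(); }

  // Expose the next contiguous region that has not been handed out yet.
  bool PrefetchNextRegion(std::string* region) {
    // Guard that makes the post-Clear() state safe: the prefetch marker may sit
    // beyond FirstByteMissing(), so "nothing new" must cover ">" as well as "==".
    // Without it, the offset arithmetic below underflows and stale memory is exposed.
    if (total_bytes_prefetched_ >= FirstByteMissing()) return false;
    size_t start = static_cast<size_t>(total_bytes_prefetched_ - total_bytes_read_);
    *region = buffered_.substr(start);
    total_bytes_prefetched_ = FirstByteMissing();
    return true;
  }

  // The application consumed n bytes from the front of the buffer.
  void MarkConsumed(size_t n) { buffered_.erase(0, n); total_bytes_read_ += n; }

  // Drops buffered data; total_bytes_read_ and the prefetch marker are untouched,
  // which is exactly the state the commit message describes.
  void Clear() { buffered_.clear(); }

  uint64_t total_bytes_prefetched() const { return total_bytes_prefetched_; }

 private:
  std::string buffered_;
  uint64_t total_bytes_read_ = 0;
  uint64_t total_bytes_prefetched_ = 0;
};

// Replays the sequence from the bug report on the model: prefetch, Clear(),
// prefetch again. Returns true when the second call correctly reports no data.
bool PrefetchAfterClearReturnsFalse() {
  ToySequencerBuffer buf;
  std::string region;
  buf.OnStreamData("hello");                      // constructed input: offsets [0, 5)
  bool first = buf.PrefetchNextRegion(&region);   // marker moves to 5
  buf.Clear();                                    // FirstByteMissing() falls back to 0
  bool second = buf.PrefetchNextRegion(&region);  // 5 >= 0: nothing to prefetch
  return first && region == "hello" && !second && buf.total_bytes_prefetched() == 5;
}
```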
QUICHE (QUIC, Http/2, Etc) is Google's implementation of QUIC and related protocols. It powers Chromium as well as Google's QUIC servers and some other projects.
The code is currently in the process of being moved from https://cs.chromium.org/chromium/src/net/third_party/ into this repository. Please excuse our appearance while we're under construction.