commit 95bf501ea7268742d89c31e015ac123968655c7d
author bnc <bnc@google.com> Wed Jun 19 07:53:29 2019 -0700
committer Copybara-Service <copybara-worker@google.com> Wed Jun 19 08:06:05 2019 -0700
tree 63e51abfb8678dad42d0e6c807f30fdd3dd752f0
parent 1eab645ae836284e2bd1ef82a79cc3fc933d9e0c

Fix QuicStreamSequencerBuffer::PrefetchNextRegion() behavior after Clear().

If some data are prefetched then QuicStreamSequencerBuffer::Clear() is called,
then QuicStreamSequencerBuffer::FirstByteMissing() will take the value of
|total_bytes_read_|, which can be less than |total_bytes_prefetched_|.  In this
case, QuicStreamSequencerBuffer::PrefetchNextRegion() used to return true, but
really ought to return false.  This CL fixes that.

This CL addresses the root cause of the fuzzer-found ASAN crash at
https://crbug.com/969391.  It is complementary to cr/253592180, which addresses
the stream level behavior.  Either CLs would be enough to make that particular
crash go away, but they are both necessary as they fix different bugs.

gfe-relnote: Change in code only mean for QUIC v99, not flag protected.

We believe this change does not need flag protection, because it only affects |total_bytes_prefetched_|, which is only read in QuicStreamSequencerBuffer::PrefetchNextRegion(), which is only called (other than tests) in QuicStreamSequencer::PrefetchNextRegion(), which is only called in three places: QuicSpdyStream::OnDataAvailable() but only when using v99, QuicReceiveControlStream::OnDataAvailable() which is not currently wired up but will be v99-only anyway, and //depot/google3/vr/c9/playability/yperf/message_stream.cc in a galaxy far-far away.  Therefore this change should not affect production GFE.

PiperOrigin-RevId: 253995330
Change-Id: I40b92da16dcf6ec1bdeda9de9ddeeb49ff3542f4