Fix QuicStreamSequencerBuffer::PrefetchNextRegion() behavior after Clear().

If some data are prefetched and QuicStreamSequencerBuffer::Clear() is then called,
QuicStreamSequencerBuffer::FirstByteMissing() will take the value of
|total_bytes_read_|, which can be less than |total_bytes_prefetched_|.  In this
case, QuicStreamSequencerBuffer::PrefetchNextRegion() used to return true, but
really ought to return false.  This CL fixes that.

This CL addresses the root cause of the fuzzer-found ASAN crash at  It is complementary to cr/253592180, which addresses
the stream level behavior.  Either CL would be enough to make that particular
crash go away, but they are both necessary as they fix different bugs.

gfe-relnote: Change in code only meant for QUIC v99, not flag protected.

We believe this change does not need flag protection, because it only affects |total_bytes_prefetched_|, which is only read in QuicStreamSequencerBuffer::PrefetchNextRegion(), which is only called (other than tests) in QuicStreamSequencer::PrefetchNextRegion(), which is only called in three places: QuicSpdyStream::OnDataAvailable() but only when using v99, QuicReceiveControlStream::OnDataAvailable() which is not currently wired up but will be v99-only anyway, and //depot/google3/vr/c9/playability/yperf/ in a galaxy far, far away.  Therefore this change should not affect production GFE.

PiperOrigin-RevId: 253995330
Change-Id: I40b92da16dcf6ec1bdeda9de9ddeeb49ff3542f4
2 files changed
tree: 63e51abfb8678dad42d0e6c807f30fdd3dd752f0
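The counter interaction the commit message describes, as an added illustration (this is not QUICHE's code and does not reproduce the CL): a toy sequencer buffer with the three quantities involved, |total_bytes_read_|, |total_bytes_prefetched_| and FirstByteMissing(). Assumptions made for the model: data arrive in order into a single std::string (no gap reassembly), PrefetchNextRegion() stops on equality between the prefetch cursor and FirstByteMissing(), and the fix is modelled as Clear() pulling |total_bytes_prefetched_| back to |total_bytes_read_|. With the fix disabled, the scenario from the message (prefetch, consume part of it, Clear()) leaves the prefetch cursor past FirstByteMissing(), PrefetchNextRegion() keeps returning true, and the bytes that arrive afterwards are never handed out.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>

// Hypothetical model of the bookkeeping, not QuicStreamSequencerBuffer.
class SequencerBufferModel {
 public:
  // apply_fix: model the CL as Clear() resetting the prefetch cursor
  // (assumption; the real change is not on this page).
  explicit SequencerBufferModel(bool apply_fix) : apply_fix_(apply_fix) {}

  // In-order delivery of new stream bytes.
  void OnData(const std::string& data) { data_.append(data); }

  // Offset of the first byte not yet received in order.
  uint64_t FirstByteMissing() const { return total_bytes_read_ + data_.size(); }

  // Hand out the bytes between the prefetch cursor and FirstByteMissing().
  // Returns false when there is nothing left to prefetch.
  bool PrefetchNextRegion(std::string* region) {
    if (total_bytes_prefetched_ == FirstByteMissing()) return false;
    // MarkConsumed() and Clear() keep the cursor >= total_bytes_read_, so
    // this subtraction cannot underflow.
    const uint64_t offset = total_bytes_prefetched_ - total_bytes_read_;
    if (offset > data_.size()) {
      // Stale cursor: total_bytes_prefetched_ is beyond FirstByteMissing()
      // after Clear(). A real block-based buffer would index past its data
      // here; the model only records the bad attempt.
      ++stale_prefetches_;
      region->clear();
      return true;
    }
    region->assign(data_, offset, std::string::npos);
    total_bytes_prefetched_ = FirstByteMissing();
    return true;
  }

  // The application consumed n bytes from the front of the buffer.
  void MarkConsumed(size_t n) {
    data_.erase(0, n);
    total_bytes_read_ += n;
    if (total_bytes_prefetched_ < total_bytes_read_)
      total_bytes_prefetched_ = total_bytes_read_;
  }

  // Drop buffered-but-unread bytes: FirstByteMissing() becomes
  // total_bytes_read_, which may be below total_bytes_prefetched_.
  void Clear() {
    data_.clear();
    if (apply_fix_) total_bytes_prefetched_ = total_bytes_read_;
  }

  int stale_prefetches() const { return stale_prefetches_; }

 private:
  bool apply_fix_;
  std::string data_;
  uint64_t total_bytes_read_ = 0;
  uint64_t total_bytes_prefetched_ = 0;
  int stale_prefetches_ = 0;
};

struct ScenarioResult {
  bool prefetch_after_clear;       // what PrefetchNextRegion() returns after Clear()
  int stale_prefetches;            // attempts made with a stale cursor
  std::string region_after_new_data;  // bytes handed out once new data arrive
};

// The sequence from the commit message on constructed sample data.
ScenarioResult RunScenario(bool apply_fix) {
  SequencerBufferModel buf(apply_fix);
  std::string region;
  buf.OnData("hello world");        // bytes 0..10 arrive
  buf.PrefetchNextRegion(&region);  // cursor moves to 11
  buf.MarkConsumed(5);              // total_bytes_read_ = 5
  buf.Clear();                      // FirstByteMissing() = 5 < 11
  ScenarioResult r;
  r.prefetch_after_clear = buf.PrefetchNextRegion(&region);
  buf.OnData("abc");                // bytes 5..7 arrive
  buf.PrefetchNextRegion(&region);
  r.region_after_new_data = region;
  r.stale_prefetches = buf.stale_prefetches();
  return r;
}

int main() {
  for (bool fix : {false, true}) {
    ScenarioResult r = RunScenario(fix);
    std::cout << (fix ? "fixed:  " : "buggy:  ")
              << "prefetch after Clear() -> " << (r.prefetch_after_clear ? "true" : "false")
              << ", stale attempts = " << r.stale_prefetches
              << ", region after new data = \"" << r.region_after_new_data << "\"\n";
  }
  return 0;
}
```

The unfixed path returns true twice without ever delivering "abc"; the fixed path returns false right after Clear() and then hands out the new bytes, which is the behaviour the message says PrefetchNextRegion() "really ought" to have.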


QUICHE (QUIC, Http/2, Etc) is Google's implementation of QUIC and related protocols. It powers Chromium as well as Google's QUIC servers and some other projects.

The code is currently in the process of being moved from into this repository. Please excuse our appearance while we're under construction.