author: bnc <email@example.com>  Wed Jun 19 07:53:29 2019 -0700
committer: Copybara-Service <firstname.lastname@example.org>  Wed Jun 19 08:06:05 2019 -0700
Fix QuicStreamSequencerBuffer::PrefetchNextRegion() behavior after Clear().

If some data are prefetched and then QuicStreamSequencerBuffer::Clear() is called, QuicStreamSequencerBuffer::FirstByteMissing() will take the value of |total_bytes_read_|, which can be less than |total_bytes_prefetched_|. In this case, QuicStreamSequencerBuffer::PrefetchNextRegion() used to return true, but really ought to return false. This CL fixes that.

This CL addresses the root cause of the fuzzer-found ASAN crash at https://crbug.com/969391. It is complementary to cr/253592180, which addresses the stream level behavior. Either CL would be enough to make that particular crash go away, but they are both necessary as they fix different bugs.

gfe-relnote: Change in code only meant for QUIC v99, not flag protected. We believe this change does not need flag protection, because it only affects |total_bytes_prefetched_|, which is only read in QuicStreamSequencerBuffer::PrefetchNextRegion(), which is only called (other than tests) in QuicStreamSequencer::PrefetchNextRegion(), which is only called in three places: QuicSpdyStream::OnDataAvailable() but only when using v99, QuicReceiveControlStream::OnDataAvailable() which is not currently wired up but will be v99-only anyway, and //depot/google3/vr/c9/playability/yperf/message_stream.cc in a galaxy far-far away. Therefore this change should not affect production GFE.

PiperOrigin-RevId: 253995330
Change-Id: I40b92da16dcf6ec1bdeda9de9ddeeb49ff3542f4
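As an added illustration of the inconsistency the message describes (this is not the CL's code nor QUICHE's class), a simplified C++ model of the three counters named above; the member names, the FirstByteMissing() formula and both PrefetchNextRegion variants are assumptions made for the model, and the "fixed" variant shows one way to keep the return value consistent after Clear():

```cpp
#include <cstdint>

// Hypothetical, simplified model (not QUICHE's class) of the three counters the
// commit message discusses. Contiguous bytes are counted rather than stored.
class SequencerBufferModel {
 public:
  // In-order data arrives and becomes readable.
  void OnInOrderData(uint64_t len) { num_bytes_buffered_ += len; }
  // The application consumes bytes that were already buffered.
  void Read(uint64_t len) {
    if (len > num_bytes_buffered_) len = num_bytes_buffered_;
    num_bytes_buffered_ -= len;
    total_bytes_read_ += len;
  }
  // First offset not yet received: bytes read plus bytes still buffered.
  uint64_t FirstByteMissing() const {
    return total_bytes_read_ + num_bytes_buffered_;
  }
  // Drops buffered-but-unread data. The read and prefetch counters are left
  // alone, so afterwards total_bytes_prefetched_ may exceed FirstByteMissing().
  void Clear() { num_bytes_buffered_ = 0; }
  // Pre-fix behaviour as the message describes it (assumed): only an exact
  // match stops prefetching, so an overshooting counter yields a wrapped length.
  bool PrefetchNextRegionBuggy(uint64_t* region_len) {
    if (total_bytes_prefetched_ == FirstByteMissing()) return false;
    *region_len = FirstByteMissing() - total_bytes_prefetched_;  // underflows
    total_bytes_prefetched_ += *region_len;
    return true;
  }
  // Consistent behaviour: nothing to prefetch once the counter has reached or
  // passed the first missing byte, so the call reports false after Clear().
  bool PrefetchNextRegionFixed(uint64_t* region_len) {
    if (total_bytes_prefetched_ >= FirstByteMissing()) return false;
    *region_len = FirstByteMissing() - total_bytes_prefetched_;
    total_bytes_prefetched_ += *region_len;
    return true;
  }
 private:
  uint64_t total_bytes_read_ = 0;
  uint64_t num_bytes_buffered_ = 0;
  uint64_t total_bytes_prefetched_ = 0;
};

// Commit-message scenario: prefetch 100 bytes, read 40, Clear(), then ask for
// the next region. Returns what the chosen variant reports after Clear().
bool ReportsRegionAfterClear(bool fixed, uint64_t* len) {
  SequencerBufferModel b;
  b.OnInOrderData(100);
  fixed ? b.PrefetchNextRegionFixed(len) : b.PrefetchNextRegionBuggy(len);
  b.Read(40);
  b.Clear();  // FirstByteMissing() == 40 while total_bytes_prefetched_ == 100
  return fixed ? b.PrefetchNextRegionFixed(len) : b.PrefetchNextRegionBuggy(len);
}
```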
QUICHE (QUIC, Http/2, Etc) is Google's implementation of QUIC and related protocols. It powers Chromium as well as Google's QUIC servers and some other projects.
The code is currently in the process of being moved from https://cs.chromium.org/chromium/src/net/third_party/ into this repository. Please excuse our appearance while we're under construction.