BUG/MINOR: h3: fix incorrect BUG_ON assert on SETTINGS parsing
BUG_ON() assertion to check for incomplete SETTINGS frame is incorrect.
It should check if frame length is greater, not smaller, than current
buffer data. Anyway, this BUG_ON() is useless as h3_decode_qcs()
prevents parsing of an incomplete frame, except for H3 DATA. Remove it
to fix this bug.
This bug was introduced in the current dev tree by commit
  commit 62eef85961f4a2a241e0b24ef540cc91f156b842
  MINOR: mux-quic: simplify decode_qcs API
Thus it does not need to be backported.
This fixes crashes which happen with DEBUG_STRICT=2. Most notably, this
is reproducible with clients that emit more than just a SETTINGS frame
on the H3 control stream. It can be reproduced with aioquic for example.
diff --git a/src/h3.c b/src/h3.c
index 96c1b0e..9a65ebd 100644
--- a/src/h3.c
+++ b/src/h3.c
@@ -500,9 +500,6 @@
/* Work on a copy of <buf>. */
b = b_make(b_orig(buf), b_size(buf), b_head_ofs(buf), b_data(buf));
- /* TODO handle incomplete SETTINGS frame */
- BUG_ON(len < b_data(&b));
-
while (b_data(&b)) {
if (!b_quic_dec_int(&id, &b, &ret) || !b_quic_dec_int(&value, &b, &ret)) {
h3c->err = H3_FRAME_ERROR;
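Review bot: With the assertion removed, nothing in the visible lines limits the `while (b_data(&b))` loop to the frame length `len`. The copy is built with `b_data(buf)` as its data size, so the loop keeps decoding identifier/value pairs until the whole buffer is drained. The commit message says the crash shows up when a client sends more than a SETTINGS frame on the control stream, which is exactly the case where the buffer holds bytes past `len`, and those bytes would be parsed as settings. Consider sizing the copy with `len` instead of `b_data(buf)`, or stopping the loop once `len` bytes have been consumed. Since the TODO is also dropped, a short comment stating that h3_decode_qcs() guarantees a complete frame here would record the invariant the removed BUG_ON() was trying to express.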