Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / d2b597aa10abdff5ec3b58bffe87fb99a9423776^! / .
commitd2b597aa10abdff5ec3b58bffe87fb99a9423776[log] [tgz]
authorThierry FOURNIER <tfournier@exceliance.fr>Sat Mar 07 14:38:50 2015 +0100
committerWilly Tarreau <w@1wt.eu>Mon Mar 09 18:12:59 2015 +0100
tree9c3ec07edc0dc8ec10c25f767938520556297531
parentcd9084f77683106ace2fb863080e7d10e71c39fc [diff]
BUG/MEDIUM: lua: segfault with buffer_replace2

The function buffer_contig_space() returns the contiguous space avalaible
to add data (at the end of the input side) while the function
hlua_channel_send_yield() needs to insert data starting at p. Here we
introduce a new function bi_space_for_replace() which returns the amount
of space that can be inserted at the head of the input side with one of
the buffer_replace* functions.

This patch proposes a function that returns the space avalaible after buf->p.

diff --git a/include/common/buffer.h b/include/common/buffer.h
index 446bd1a..ca90fbe 100644
--- a/include/common/buffer.h
+++ b/include/common/buffer.h

@@ -233,6 +233,32 @@
 	return right - left;
 }
 
+/* Returns the amount of byte that can be written starting from <p> into the
+ * input buffer at once, including reserved space which may be overwritten.
+ * This is used by Lua to insert data in the input side just before the other
+ * data using buffer_replace(). The goal is to transfer these new data in the
+ * output buffer.
+ */
+static inline int bi_space_for_replace(const struct buffer *buf)
+{
+	const char *end;
+
+	/* If the input side data overflows, we cannot insert data contiguously. */
+	if (buf->p + buf->i >= buf->data + buf->size)
+		return 0;
+
+	/* Check the last byte used in the buffer, it may be a byte of the output
+	 * side if the buffer wraps, or its the end of the buffer.
+	 */
+	end = buffer_wrap_sub(buf, buf->p - buf->o);
+	if (end <= buf->p)
+		end = buf->data + buf->size;
+
+	/* Compute the amount of bytes which can be written. */
+	return end - (buf->p + buf->i);
+}
+
+
 /* Normalizes a pointer which is supposed to be relative to the beginning of a
  * buffer, so that wrapping is correctly handled. The intent is to use this
  * when increasing a pointer. Note that the wrapping test is only performed

diff --git a/src/hlua.c b/src/hlua.c
index 75dd077..3f9b909 100644
--- a/src/hlua.c
+++ b/src/hlua.c

@@ -2281,7 +2281,7 @@
 	/* The buffer avalaible size may be not contiguous. This test
 	 * detects a non contiguous buffer and realign it.
 	 */
-	if (buffer_contig_space(chn->chn->buf) < max)
+	if (bi_space_for_replace(chn->chn->buf) < max)
 		buffer_slow_realign(chn->chn->buf);
 
 	/* Copy input data in the buffer. */