quic:fix crash rx_fifo full or grow

if when the rx_fifo grows, svm_fifo_enqueue() return -4,
stream_data->app_rx_data_len += rlen type conversion occurs,
Finally,stream->recvstate.data_off calculation is wrong.

Type:fix

Signed-off-by: fanxb <fxb_mail@163.com>
Change-Id: Iae11f0c453f32d836f4148d70e3b121545a53a90

diff --git a/src/plugins/quic/quic.c b/src/plugins/quic/quic.c
index 3655f95..2611306 100644 (file)
--- a/src/plugins/quic/quic.c
+++ b/src/plugins/quic/quic.c
@@ -876,6 +876,14 @@ quic_on_receive (quicly_stream_t * stream, size_t off, const void *src,
     {
       /* Streams live on the same thread so (f, stream_data) should stay consistent */
       rlen = svm_fifo_enqueue (f, len, (u8 *) src);
+      if (PREDICT_FALSE (rlen < 0))
+       {
+         /*
+          * drop, fifo full
+          * drop, fifo grow
+          */
+         return;
+       }
       QUIC_DBG (3, "Session [idx %u, app_wrk %u, ti %u, rx-fifo 0x%llx]: "
                "Enqueuing %u (rlen %u) at off %u in %u space, ",
                stream_session->session_index,
@@ -898,6 +906,14 @@ quic_on_receive (quicly_stream_t * stream, size_t off, const void *src,
       rlen = svm_fifo_enqueue_with_offset (f,
                                           off - stream_data->app_rx_data_len,
                                           len, (u8 *) src);
+      if (PREDICT_FALSE (rlen < 0))
+       {
+         /*
+          * drop, fifo full
+          * drop, fifo grow
+          */
+         return;
+       }
       QUIC_ASSERT (rlen == 0);
     }
   return;