Bug 1014600 part 2 - Properly truncate buffers when processing new header blocks. r=mcmanus
authorNicholas Hurley <hurley@todesschaf.org>
Fri, 11 Jul 2014 09:48:34 -0700
changeset 193621 9ded0b5313b40c3e95e38a9c5067f69431218a06
parent 193620 e28d922d5d1735954b4f2108ea63ca0ed038df2d
child 193622 05ae727d8db22d25ef19d4cd6f17681e5418cbed
push id27123
push userryanvm@gmail.com
push dateFri, 11 Jul 2014 20:35:05 +0000
treeherdermozilla-central@84bd8d9f4256 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersmcmanus
bugs1014600
milestone33.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1014600 part 2 - Properly truncate buffers when processing new header blocks. r=mcmanus
netwerk/protocol/http/Http2Session.cpp
--- a/netwerk/protocol/http/Http2Session.cpp
+++ b/netwerk/protocol/http/Http2Session.cpp
@@ -1079,16 +1079,17 @@ Http2Session::RecvHeaders(Http2Session *
 
   // Find out how much padding this frame has, so we can only extract the real
   // header data from the frame.
   uint16_t paddingLength = 0;
   uint8_t paddingControlBytes = 0;
   nsresult rv;
 
   if (!isContinuation) {
+    self->mDecompressBuffer.Truncate();
     rv = self->ParsePadding(paddingControlBytes, paddingLength);
     if (NS_FAILED(rv)) {
       return rv;
     }
   }
 
   LOG3(("Http2Session::RecvHeaders %p stream 0x%X priorityLen=%d stream=%p "
         "end_stream=%d end_headers=%d priority_group=%d "
@@ -1386,16 +1387,17 @@ Http2Session::RecvPushPromise(Http2Sessi
   // frame to be PUSH_PROMISE of the same ID
   uint32_t promiseLen;
   uint32_t promisedID;
 
   if (self->mExpectedPushPromiseID) {
     promiseLen = 0; // really a continuation frame
     promisedID = self->mContinuedPromiseStream;
   } else {
+    self->mDecompressBuffer.Truncate();
     nsresult rv = self->ParsePadding(paddingControlBytes, paddingLength);
     if (NS_FAILED(rv)) {
       return rv;
     }
     promiseLen = 4;
     promisedID =
       PR_ntohl(*reinterpret_cast<uint32_t *>(self->mInputFrameBuffer.get() + 8 + paddingControlBytes));
     promisedID &= 0x7fffffff;