Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(76)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/http/http_stream_parser.cc

Issue 418035: A large Content-Length header followed by a connection close could trigger an... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: '' Created 11 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/http/http_stream.h ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/http/http_stream_parser.h" 5 #include "net/http/http_stream_parser.h"
6 6
7 #include "base/compiler_specific.h" 7 #include "base/compiler_specific.h"
8 #include "base/trace_event.h" 8 #include "base/trace_event.h"
9 #include "net/base/io_buffer.h" 9 #include "net/base/io_buffer.h"
10 #include "net/http/http_request_info.h" 10 #include "net/http/http_request_info.h"
(...skipping 66 matching lines...) Expand 10 before | Expand all | Expand 10 after
77 user_callback_ = callback; 77 user_callback_ = callback;
78 78
79 return result > 0 ? OK : result; 79 return result > 0 ? OK : result;
80 } 80 }
81 81
82 int HttpStreamParser::ReadResponseBody(IOBuffer* buf, int buf_len, 82 int HttpStreamParser::ReadResponseBody(IOBuffer* buf, int buf_len,
83 CompletionCallback* callback) { 83 CompletionCallback* callback) {
84 DCHECK(io_state_ == STATE_BODY_PENDING || io_state_ == STATE_DONE); 84 DCHECK(io_state_ == STATE_BODY_PENDING || io_state_ == STATE_DONE);
85 DCHECK(!user_callback_); 85 DCHECK(!user_callback_);
86 DCHECK(callback); 86 DCHECK(callback);
87 DCHECK_LE(buf_len, kMaxHeaderBufSize);
87 88
88 if (io_state_ == STATE_DONE) 89 if (io_state_ == STATE_DONE)
89 return OK; 90 return OK;
90 91
91 user_read_buf_ = buf; 92 user_read_buf_ = buf;
92 user_read_buf_len_ = buf_len; 93 user_read_buf_len_ = buf_len;
93 io_state_ = STATE_READ_BODY; 94 io_state_ = STATE_READ_BODY;
94 95
95 int result = DoLoop(OK); 96 int result = DoLoop(OK);
96 if (result == ERR_IO_PENDING) 97 if (result == ERR_IO_PENDING)
(...skipping 269 matching lines...) Expand 10 before | Expand all | Expand 10 after
366 // Save the overflow data, which can be in two places. There may be 367 // Save the overflow data, which can be in two places. There may be
367 // some left over in |user_read_buf_|, plus there may be more 368 // some left over in |user_read_buf_|, plus there may be more
368 // in |read_buf_|. But the part left over in |user_read_buf_| must have 369 // in |read_buf_|. But the part left over in |user_read_buf_| must have
369 // come from the |read_buf_|, so there's room to put it back at the 370 // come from the |read_buf_|, so there's room to put it back at the
370 // start first. 371 // start first.
371 int additional_save_amount = read_buf_->offset() - read_buf_unused_offset_; 372 int additional_save_amount = read_buf_->offset() - read_buf_unused_offset_;
372 int save_amount = 0; 373 int save_amount = 0;
373 if (chunked_decoder_.get()) { 374 if (chunked_decoder_.get()) {
374 save_amount = chunked_decoder_->bytes_after_eof(); 375 save_amount = chunked_decoder_->bytes_after_eof();
375 } else if (response_body_length_ >= 0) { 376 } else if (response_body_length_ >= 0) {
376 save_amount = static_cast<int>(response_body_read_ - 377 int64 extra_data_read = response_body_read_ - response_body_length_;
377 response_body_length_); 378 if (extra_data_read > 0) {
378 if (save_amount < 0) 379 save_amount = static_cast<int>(extra_data_read);
379 save_amount = 0; 380 if (result > 0)
380 381 result -= save_amount;
381 if (result > 0) 382 }
382 result -= save_amount;
383 } 383 }
384 384
385 CHECK(save_amount + additional_save_amount <= kMaxHeaderBufSize);
385 if (read_buf_->capacity() < save_amount + additional_save_amount) { 386 if (read_buf_->capacity() < save_amount + additional_save_amount) {
386 read_buf_->SetCapacity(save_amount + additional_save_amount); 387 read_buf_->SetCapacity(save_amount + additional_save_amount);
387 } 388 }
388 389
389 if (save_amount) { 390 if (save_amount) {
390 memcpy(read_buf_->StartOfBuffer(), user_read_buf_->data() + result, 391 memcpy(read_buf_->StartOfBuffer(), user_read_buf_->data() + result,
391 save_amount); 392 save_amount);
392 } 393 }
393 read_buf_->set_offset(save_amount); 394 read_buf_->set_offset(save_amount);
394 if (additional_save_amount) { 395 if (additional_save_amount) {
(...skipping 116 matching lines...) Expand 10 before | Expand all | Expand 10 after
511 512
512 bool HttpStreamParser::CanFindEndOfResponse() const { 513 bool HttpStreamParser::CanFindEndOfResponse() const {
513 return chunked_decoder_.get() || response_body_length_ >= 0; 514 return chunked_decoder_.get() || response_body_length_ >= 0;
514 } 515 }
515 516
516 bool HttpStreamParser::IsMoreDataBuffered() const { 517 bool HttpStreamParser::IsMoreDataBuffered() const {
517 return read_buf_->offset() > read_buf_unused_offset_; 518 return read_buf_->offset() > read_buf_unused_offset_;
518 } 519 }
519 520
520 } // namespace net 521 } // namespace net
OLDNEW
« no previous file with comments | « net/http/http_stream.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698