net/http/http_stream_parser.cc - Issue 418035: A large Content-Length header followed by a connection close could trigger an...

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/http/http_stream_parser.cc

Issue 418035: A large Content-Length header followed by a connection close could trigger an... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/

Patch Set: '' Created 11 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/http/http_stream_parser.cc

===================================================================

--- net/http/http_stream_parser.cc (revision 32544)

+++ net/http/http_stream_parser.cc (working copy)

@@ -84,6 +84,7 @@

DCHECK(io_state_ == STATE_BODY_PENDING || io_state_ == STATE_DONE);

DCHECK(!user_callback_);

DCHECK(callback);

+ DCHECK_LE(buf_len, kMaxHeaderBufSize);

if (io_state_ == STATE_DONE)

return OK;

@@ -373,15 +374,15 @@

if (chunked_decoder_.get()) {

save_amount = chunked_decoder_->bytes_after_eof();

} else if (response_body_length_ >= 0) {

- save_amount = static_cast<int>(response_body_read_ -

- response_body_length_);

- if (save_amount < 0)

- save_amount = 0;

- if (result > 0)

- result -= save_amount;

+ int64 extra_data_read = response_body_read_ - response_body_length_;

+ if (extra_data_read > 0) {

+ save_amount = static_cast<int>(extra_data_read);

+ if (result > 0)

+ result -= save_amount;

+ }

}

+ CHECK(save_amount + additional_save_amount <= kMaxHeaderBufSize);

if (read_buf_->capacity() < save_amount + additional_save_amount) {

read_buf_->SetCapacity(save_amount + additional_save_amount);

}

« no previous file with comments | « net/http/http_stream.h ('k') | no next file » | no next file with comments »