[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] r12990: Fix a nasty infinite loop in flush_buf[_tls]. (in tor/trunk: . src/or)
Author: nickm
Date: 2007-12-26 17:07:14 -0500 (Wed, 26 Dec 2007)
New Revision: 12990
Modified:
tor/trunk/
tor/trunk/src/or/buffers.c
Log:
r15721@tombo: nickm | 2007-12-26 17:07:10 -0500
Fix a nasty infinite loop in flush_buf[_tls].
Property changes on: tor/trunk
___________________________________________________________________
svk:merge ticket from /tor/trunk [r15721] on d9e39d38-0f13-419c-a857-e10a0ce2aa0c
Modified: tor/trunk/src/or/buffers.c
===================================================================
--- tor/trunk/src/or/buffers.c 2007-12-26 19:02:15 UTC (rev 12989)
+++ tor/trunk/src/or/buffers.c 2007-12-26 22:07:14 UTC (rev 12990)
@@ -113,7 +113,7 @@
/** Static array of freelists, sorted by alloc_len, terminated by an entry
* with alloc_size of 0. */
-/**XXXX020 tune these values. */
+/**XXXX020 tune these values. And all allocation sizes, really. */
static chunk_freelist_t freelists[] = {
FL(256, 1024, 16), FL(512, 1024, 16), FL(1024, 512, 8), FL(4096, 256, 8),
FL(8192, 128, 4), FL(16384, 64, 4), FL(0, 0, 0)
@@ -727,6 +727,8 @@
return r;
flushed += r;
sz -= r;
+ if (r == 0 || (size_t)r < flushlen0) /* can't flush any more now. */
+ break;
}
return flushed;
}
@@ -767,6 +769,8 @@
return r;
flushed += r;
sz -= r;
+ if (r == 0) /* Can't flush any more now. */
+ break;
} while (sz > 0);
return flushed;
}
@@ -892,7 +896,8 @@
int
move_buf_to_buf(buf_t *buf_out, buf_t *buf_in, size_t *buf_flushlen)
{
- /*XXXX020 we can do way better here. */
+ /* XXXX020 we can do way better here. See if this turns up in the
+ */
char b[4096];
size_t cp, len;
len = *buf_flushlen;
@@ -951,10 +956,13 @@
body = (char*) tor_memmem(buf->head->data, buf->head->datalen,
"\r\n\r\n", 4);
if (!body && buf->datalen > buf->head->datalen) {
- buf_pullup(buf, max_headerlen, 1);
+ size_t len_scanned = buf->head->datalen;
+ buf_pullup(buf, max_headerlen, 0);
headers = buf->head->data;
- /*XXX020 avoid searching the original part of the head chunk twice. */
- body = (char*) tor_memmem(buf->head->data, buf->head->datalen,
+ /* avoid searching the original part of the head chunk twice. */
+ len_scanned = (len_scanned > 4) ? len_scanned - 4 : 0;
+ body = (char*) tor_memmem(buf->head->data + len_scanned,
+ buf->head->datalen - len_scanned,
"\r\n\r\n", 4);
}
@@ -1383,7 +1391,8 @@
if (!buf->head)
return 0;
- /* XXXX020 pull up less aggressively. */
+ /* XXXX020 pull up less aggressively. And implement setting *data_len
+ * properly in cases where we return -1. */
buf_pullup(buf, *data_len, 0);
cp = memchr(buf->head->data, '\n', buf->head->datalen);
if (!cp) {