BUG/MEDIUM: mux-h1: Cound data from input buf during zero-copy forwarding

During zero-copy forwarding, we first try to forward data found in the input
buffer before trying to receive more data. These data must be removed from
the amount of data to forward (the cound variable).

Otherwise, on an internal retry, in h1_fastfwd(), we can be lead to read
more data than expected. It is especially a problem on the end of a
chunk. An error is erroneously reported because more data than announced are
received.

This patch should fix the issue #2382. It must be backported to 2.9.

(cherry picked from commit eed1e8733c279cda0b6a2db574ead4e0238177f6)
Signed-off-by: Willy Tarreau <w@1wt.eu>

diff --git a/src/mux_h1.c b/src/mux_h1.c
index d2acee6..cb70b84 100644 (file)
--- a/src/mux_h1.c
+++ b/src/mux_h1.c
@@ -4633,6 +4633,7 @@ static int h1_fastfwd(struct stconn *sc, unsigned int count, unsigned int flags)
        }
 
        total += sdo->iobuf.data;
+       count -= sdo->iobuf.data;
 #if defined(USE_LINUX_SPLICE)
        if (sdo->iobuf.pipe) {
                /* Here, not data was xferred */