nginx: src/http/v2/ngx_http

comparison src/http/v2/ngx_http_v2.c @ 9179:ea1f29c2010c

HTTP/2: fixed buffer management with HTTP/2 auto-detection. As part of normal HTTP/2 processing, incomplete frames are saved in the control state using a fixed size memcpy of NGX_HTTP_V2_STATE_BUFFER_SIZE. For this matter, two state buffers are reserved in the HTTP/2 recv buffer. As part of HTTP/2 auto-detection on plain TCP connections, initial data is first read into a buffer specified by the client_header_buffer_size directive that doesn't have state reservation. Previously, this made it possible to over-read the buffer as part of saving the state. The fix is to read the available buffer size rather than a fixed size. Although memcpy of a fixed size can produce a better optimized code, handling of incomplete frames isn't a common execution path, so it was sacrificed for the sake of simplicity of the fix.

author	Sergey Kandaurov <pluknet@nginx.com>
date	Sat, 21 Oct 2023 18:48:24 +0400
parents	cdda286c0f1b
children	cb1e214efe41

comparison

equal deleted inserted replaced

-:b74f891053c7
+:ea1f29c2010c
 }
 h2mcf = ngx_http_get_module_main_conf(h2c->http_connection->conf_ctx,
 ngx_http_v2_module);
-available = h2mcf->recv_buffer_size - 2 * NGX_HTTP_V2_STATE_BUFFER_SIZE;
+available = h2mcf->recv_buffer_size - NGX_HTTP_V2_STATE_BUFFER_SIZE;
 do {
 p = h2mcf->recv_buffer;
+end = ngx_cpymem(p, h2c->state.buffer, h2c->state.buffer_used);
-ngx_memcpy(p, h2c->state.buffer, NGX_HTTP_V2_STATE_BUFFER_SIZE);
-end = p + h2c->state.buffer_used;
 n = c->recv(c, end, available);
 if (n == NGX_AGAIN) {
 break;
 "state buffer overflow: %uz bytes required", size);
 return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_INTERNAL_ERROR);
 }
-ngx_memcpy(h2c->state.buffer, pos, NGX_HTTP_V2_STATE_BUFFER_SIZE);
+ngx_memcpy(h2c->state.buffer, pos, size);
 h2c->state.buffer_used = size;
 h2c->state.handler = handler;
 h2c->state.incomplete = 1;

Mercurial > hg > nginx

comparison src/http/v2/ngx_http_v2.c @ 9179:ea1f29c2010c