walkero
/
nghttp2
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

Revert 622b05aa31 

It turns out that 0-bit prefix is wrong, and the author now
clearly stated that the intention is 8-bit prefix for 8+ fields.
This commit is contained in:
Tatsuhiro Tsujikawa 2013-10-18 19:27:15 +09:00
parent e85418f045
commit f7389ff2e6
1 changed files with 40 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

88
lib/nghttp2_hd.c
View File

@ -359,15 +359,13 @@ static int ensure_write_buffer(uint8_t **buf_ptr, size_t *buflen_ptr,
static size_t count_encoded_length(size_t n, int prefix)
{
size_t k = (1 << prefix) - 1;
size_t len = 0;
if(prefix > 0) {
size_t k = (1 << prefix) - 1;
if(n >= k) {
n -= k;
++len;
} else {
return 1;
}
if(n >= k) {
n -= k;
++len;
} else {
return 1;
}
do {
++len;
@ -382,17 +380,15 @@ static size_t count_encoded_length(size_t n, int prefix)
static size_t encode_length(uint8_t *buf, size_t n, int prefix)
{
size_t k = (1 << prefix) - 1;
size_t len = 0;
if(prefix > 0) {
size_t k = (1 << prefix) - 1;
if(n >= k) {
*buf++ = k;
n -= k;
++len;
} else {
*buf++ = n;
return 1;
}
if(n >= k) {
*buf++ = k;
n -= k;
++len;
} else {
*buf++ = n;
return 1;
}
do {
++len;
@ -425,17 +421,13 @@ static uint8_t* decode_length(ssize_t *res, uint8_t *in, uint8_t *last,
*res = -1;
return in;
}
if(prefix > 0) {
if((*in & k) == k) {
*res = k;
} else {
*res = (*in) & k;
return in + 1;
}
++in;
if((*in & k) == k) {
*res = k;
} else {
*res = 0;
*res = (*in) & k;
return in + 1;
}
++in;
for(r = 0; in != last; ++in, r += 7) {
*res += (*in & 0x7f) << r;
if(*res >= (1 << 16)) {
@ -479,14 +471,14 @@ static int emit_indname_block(uint8_t **buf_ptr, size_t *buflen_ptr,
int rv;
uint8_t *bufp;
size_t blocklen = count_encoded_length(index + 1, 5) +
count_encoded_length(valuelen, 0) + valuelen;
count_encoded_length(valuelen, 8) + valuelen;
rv = ensure_write_buffer(buf_ptr, buflen_ptr, *offset_ptr, blocklen);
if(rv != 0) {
return rv;
}
bufp = *buf_ptr + *offset_ptr;
bufp += encode_length(bufp, index + 1, 5);
bufp += encode_length(bufp, valuelen, 0);
bufp += encode_length(bufp, valuelen, 8);
memcpy(bufp, value, valuelen);
(*buf_ptr)[*offset_ptr] |= inc_indexing ? 0x40u : 0x60u;
assert(bufp+valuelen - (*buf_ptr + *offset_ptr) == (ssize_t)blocklen);
@ -500,18 +492,18 @@ static int emit_newname_block(uint8_t **buf_ptr, size_t *buflen_ptr,
{
int rv;
uint8_t *bufp;
size_t blocklen = 1 + count_encoded_length(nv->namelen, 0) + nv->namelen +
count_encoded_length(nv->valuelen, 0) + nv->valuelen;
size_t blocklen = 1 + count_encoded_length(nv->namelen, 8) + nv->namelen +
count_encoded_length(nv->valuelen, 8) + nv->valuelen;
rv = ensure_write_buffer(buf_ptr, buflen_ptr, *offset_ptr, blocklen);
if(rv != 0) {
return rv;
}
bufp = *buf_ptr + *offset_ptr;
*bufp++ = inc_indexing ? 0x40u : 0x60u;
bufp += encode_length(bufp, nv->namelen, 0);
bufp += encode_length(bufp, nv->namelen, 8);
memcpy(bufp, nv->name, nv->namelen);
bufp += nv->namelen;
bufp += encode_length(bufp, nv->valuelen, 0);
bufp += encode_length(bufp, nv->valuelen, 8);
memcpy(bufp, nv->value, nv->valuelen);
*offset_ptr += blocklen;
return 0;
@ -525,16 +517,16 @@ static int emit_subst_indname_block(uint8_t **buf_ptr, size_t *buflen_ptr,
int rv;
uint8_t *bufp;
size_t blocklen = count_encoded_length(index + 1, 6) +
count_encoded_length(subindex, 0) +
count_encoded_length(valuelen, 0) + valuelen;
count_encoded_length(subindex, 8) +
count_encoded_length(valuelen, 8) + valuelen;
rv = ensure_write_buffer(buf_ptr, buflen_ptr, *offset_ptr, blocklen);
if(rv != 0) {
return rv;
}
bufp = *buf_ptr + *offset_ptr;
bufp += encode_length(bufp, index + 1, 6);
bufp += encode_length(bufp, subindex, 0);
bufp += encode_length(bufp, valuelen, 0);
bufp += encode_length(bufp, subindex, 8);
bufp += encode_length(bufp, valuelen, 8);
memcpy(bufp, value, valuelen);
*offset_ptr += blocklen;
return 0;
@ -546,20 +538,20 @@ static int emit_subst_newname_block(uint8_t **buf_ptr, size_t *buflen_ptr,
{
int rv;
uint8_t *bufp;
size_t blocklen = 1 + count_encoded_length(nv->namelen, 0) + nv->namelen +
count_encoded_length(subindex, 0) +
count_encoded_length(nv->valuelen, 0) + nv->valuelen;
size_t blocklen = 1 + count_encoded_length(nv->namelen, 8) + nv->namelen +
count_encoded_length(subindex, 8) +
count_encoded_length(nv->valuelen, 8) + nv->valuelen;
rv = ensure_write_buffer(buf_ptr, buflen_ptr, *offset_ptr, blocklen);
if(rv != 0) {
return rv;
}
bufp = *buf_ptr + *offset_ptr;
*bufp++ = 0;
bufp += encode_length(bufp, nv->namelen, 0);
bufp += encode_length(bufp, nv->namelen, 8);
memcpy(bufp, nv->name, nv->namelen);
bufp += nv->namelen;
bufp += encode_length(bufp, subindex, 0);
bufp += encode_length(bufp, nv->valuelen, 0);
bufp += encode_length(bufp, subindex, 8);
bufp += encode_length(bufp, nv->valuelen, 8);
memcpy(bufp, nv->value, nv->valuelen);
*offset_ptr += blocklen;
return 0;
@ -918,7 +910,7 @@ ssize_t nghttp2_hd_inflate_hd(nghttp2_hd_context *inflater,
rv = NGHTTP2_ERR_HEADER_COMP;
goto fail;
}
in = decode_length(&namelen, in, last, 0);
in = decode_length(&namelen, in, last, 8);
if(namelen < 0 || in + namelen > last) {
rv = NGHTTP2_ERR_HEADER_COMP;
goto fail;
@ -930,13 +922,13 @@ ssize_t nghttp2_hd_inflate_hd(nghttp2_hd_context *inflater,
nv.name = in;
in += namelen;
if(c == 0) {
in = decode_length(&subindex, in, last, 0);
in = decode_length(&subindex, in, last, 8);
if(subindex < 0) {
rv = NGHTTP2_ERR_HEADER_COMP;
goto fail;
}
}
in = decode_length(&valuelen, in, last, 0);
in = decode_length(&valuelen, in, last, 8);
if(valuelen < 0 || in + valuelen > last) {
rv = NGHTTP2_ERR_HEADER_COMP;
goto fail;
@ -981,13 +973,13 @@ ssize_t nghttp2_hd_inflate_hd(nghttp2_hd_context *inflater,
}
ent = inflater->hd_table[index];
if((c & 0x40u) == 0) {
in = decode_length(&subindex, in, last, 0);
in = decode_length(&subindex, in, last, 8);
if(subindex < 0) {
rv = NGHTTP2_ERR_HEADER_COMP;
goto fail;
}
}
in = decode_length(&valuelen, in , last, 0);
in = decode_length(&valuelen, in , last, 8);
if(valuelen < 0 || in + valuelen > last) {
rv = NGHTTP2_ERR_HEADER_COMP;
goto fail;