diff --git a/src/quic_frame.c b/src/quic_frame.c
index 386c40943..bdf563868 100644
--- a/src/quic_frame.c
+++ b/src/quic_frame.c
@@ -1117,12 +1117,15 @@ int qc_parse_frm(struct quic_frame *frm, struct quic_rx_packet *pkt,
 /* Encode QUIC frame into buffer.
 * Returns 1 if succeeded (enough room in to encode the frame), 0 if not.
+ * The buffer is updated to point to one byte past the end of the built frame
+ * only if succeeded.
 */
 int qc_build_frm(unsigned char **buf, const unsigned char *end,
 struct quic_frame *frm, struct quic_tx_packet *pkt, struct quic_conn *qc)
 {
 const struct quic_frame_builder *builder;
+ unsigned char *pos = *buf;
 builder = &quic_frame_builders[frm->type];
 if (!(builder->mask & (1U << pkt->type))) {
@@ -1131,19 +1134,20 @@ int qc_build_frm(unsigned char **buf, const unsigned char *end,
 BUG_ON(!(builder->mask & (1U << pkt->type)));
 }
- if (end <= *buf) {
+ if (end <= pos) {
 TRACE_DEVEL("not enough room", QUIC_EV_CONN_BFRM, qc, frm);
 return 0;
 }
 TRACE_PROTO("frame", QUIC_EV_CONN_BFRM, qc, frm);
- *(*buf)++ = frm->type;
- if (!quic_frame_builders[frm->type].func(buf, end, frm, qc)) {
+ *pos++ = frm->type;
+ if (!quic_frame_builders[frm->type].func(&pos, end, frm, qc)) {
 TRACE_DEVEL("frame building error", QUIC_EV_CONN_BFRM, qc, frm);
 return 0;
 }
 pkt->flags |= builder->flags;
+ *buf = pos;
 return 1;
 }
diff --git a/src/xprt_quic.c b/src/xprt_quic.c
index 7c3e4d288..9014904cf 100644
--- a/src/xprt_quic.c
+++ b/src/xprt_quic.c
@@ -6199,9 +6199,7 @@ static int qc_do_build_pkt(unsigned char *pos, const unsigned char *end,
 if (!LIST_ISEMPTY(&frm_list)) {
 struct quic_frame *tmp_cf;
 list_for_each_entry_safe(cf, tmp_cf, &frm_list, list) {
- unsigned char *spos = pos;
-
- if (!qc_build_frm(&spos, end, cf, pkt, qc)) {
+ if (!qc_build_frm(&pos, end, cf, pkt, qc)) {
 ssize_t room = end - pos;
 TRACE_PROTO("Not enough room", QUIC_EV_CONN_HPKT, qc, NULL, NULL, &room);
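Review bot: The two comment lines added to the header of qc_build_frm() say when `*buf` advances, but not what state the bytes behind it are in after a failure. The body in the next hunk writes the type byte with `*pos++ = frm->type` and then runs the per-frame builder before it knows whether the frame fits, so a failed call can leave a partial frame in the buffer starting at `*buf`. I would add a line such as ` * On failure *buf is unchanged, but the bytes from *buf up to end may have been overwritten and must be treated as undefined.` so callers do not assume the buffer content is rolled back too. The function body continues past this hunk.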
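Review bot: The rewritten call `quic_frame_builders[frm->type].func(&pos, end, frm, qc)` looks the table entry up a second time although `builder` already points at it and is used for the mask check and for `pkt->flags` around it; `if (!builder->func(&pos, end, frm, qc)) {` reads the same and keeps a single lookup. Separately, only the write position is rolled back on failure: whether a frame builder can modify `frm` or `qc` before it fails is not visible here, so that is worth checking before a caller retries the same frame in another packet. qc_build_frm() starts in the previous hunk.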
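Review bot: With the local `spos` removed, the failure branch depends on qc_build_frm() leaving `pos` untouched: `room = end - pos` and whatever is built after the branch are only right under that contract. A one-line comment above the call, for example `/* qc_build_frm() does not move <pos> when it fails */`, would stop a later reader from reintroducing a saved pointer or from assuming the old behaviour. Other callers of qc_build_frm() are not part of this diff; any that kept their own saved position should be checked against the new contract. The loop and qc_do_build_pkt() both extend beyond this hunk.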
@@ -6215,7 +6213,6 @@ static int qc_do_build_pkt(unsigned char *pos, const unsigned char *end,
 break;
 }
- pos = spos;
 quic_tx_packet_refinc(pkt);
 cf->pkt = pkt;
 }