From 3ffbf5539e7a278c8ae7efaf6286d8b2ce80d79a Mon Sep 17 00:00:00 2001
From: Christopher Faulet
Date: Tue, 26 May 2026 16:31:32 +0200
Subject: [PATCH] BUG/MINOR: mux-fcgi: Use relative offset to compute contig data in demux buf b_contig_data() should be called with a head-relative offset (0 for the beginning of readable data). However, in the FCGI multiplexer, to get contiguous data available in the demux buffer, it is called with b_head_ofs(dbuf) which returns an absolute buffer position (b->head). So b->head is counted twice. Because of this bug, the demux buffer could be realigned while it should not and conversely. Instead, the offset 0 must be used. So let's fix it. This patch must be backported as far as 2.4.
---
 src/mux_fcgi.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/mux_fcgi.c b/src/mux_fcgi.c
index 7bd5d82de..88cbd18b1 100644
--- a/src/mux_fcgi.c
+++ b/src/mux_fcgi.c
@@ -1595,7 +1595,7 @@ static int fcgi_conn_handle_values_result(struct fcgi_conn *fconn)
 return 0;
 }
 
- if (unlikely(b_contig_data(dbuf, b_head_ofs(dbuf)) < fconn->drl)) {
+ if (unlikely(b_contig_data(dbuf, 0) < fconn->drl)) {
 /* Realign the dmux buffer if the record wraps. It is unexpected
 * at this stage because it should be the first record received
 * from the FCGI application.
@@ -2516,7 +2516,7 @@ static int fcgi_strm_handle_end_request(struct fcgi_conn *fconn, struct fcgi_str
 return 0;
 }
 
- if (unlikely(b_contig_data(dbuf, b_head_ofs(dbuf)) < fconn->drl)) {
+ if (unlikely(b_contig_data(dbuf, 0) < fconn->drl)) {
 /* Realign the dmux buffer if the record wraps. It is unexpected
 * at this stage because it should be the first record received
 * from the FCGI application.
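Review bot: The corrected call `b_contig_data(dbuf, 0)` in fcgi_conn_handle_values_result() gives no hint that the second argument is head-relative, which is the misunderstanding behind the bug. The identical call in fcgi_strm_handle_end_request() has the same gap. I would add one line to the existing comment under each `if`, such as `* Note: b_contig_data() takes an offset relative to the head (0 = first readable byte), not b_head_ofs().` The case where the realign was skipped for a record that wraps matters most for backports, because the code after this check presumably reads fconn->drl bytes as one contiguous block of data sent by the FCGI application. That code is outside both hunks, so this should be confirmed. Both function bodies start and end outside the hunks shown.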