From f73c4f24ee36c671562840e941c914f79566cf97 Mon Sep 17 00:00:00 2001
From: Scott Mitchell <scott_mitchell@apple.com>
Date: Sat, 13 Aug 2016 10:59:28 -0700
Subject: [PATCH] HTTP/2 HPACK Bounds Check Fix

Motivation:
21e8d84b7961c36435714cdb16eec31ad08213bc changed the way bounds checking was done, but however a bounds check in the case of READ_LITERAL_HEADER_NAME_LENGTH_PREFIX was using an old value. This would delay when the bounds check would actually be done and potentially allow more allocation than necessary.

Modifications:
- Use the new length (index) in the bounds check instead of an old length (nameLength) which had not yet been assigned to the new value.

Result:
More correct bounds checking.
---
 .../io/netty/handler/codec/http2/internal/hpack/Decoder.java    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/codec-http2/src/main/java/io/netty/handler/codec/http2/internal/hpack/Decoder.java b/codec-http2/src/main/java/io/netty/handler/codec/http2/internal/hpack/Decoder.java
index fa37acab53..b67a9dc4ca 100644
--- a/codec-http2/src/main/java/io/netty/handler/codec/http2/internal/hpack/Decoder.java
+++ b/codec-http2/src/main/java/io/netty/handler/codec/http2/internal/hpack/Decoder.java
@@ -213,7 +213,7 @@ public final class Decoder {
                     if (index == 0x7f) {
                         state = READ_LITERAL_HEADER_NAME_LENGTH;
                     } else {
-                        if (nameLength > maxHeadersLength - headersLength) {
+                        if (index > maxHeadersLength - headersLength) {
                             maxHeaderSizeExceeded();
                         }
                         nameLength = index;