From d74886350e432547e7a70095170fe1a9a0dab0c8 Mon Sep 17 00:00:00 2001
From: sergeyu <sergeyu@chromium.org>
Date: Thu, 19 Jan 2017 10:53:35 -0800
Subject: [PATCH] Fix PseudoTcp to handle incoming packets with invalid SEQ
 field

Previously PseudoTcp::process() didn't handle the case when the peer
sends a packet that's outside of the receive window, which was causing
DCHECK failures in the fuzzer.

BUG=681849

Review-Url: https://codereview.webrtc.org/2640173002
Cr-Commit-Position: refs/heads/master@{#16169}
---
 webrtc/p2p/base/pseudotcp.cc | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/webrtc/p2p/base/pseudotcp.cc b/webrtc/p2p/base/pseudotcp.cc
index ec302d3520..f87c7a75ac 100644
--- a/webrtc/p2p/base/pseudotcp.cc
+++ b/webrtc/p2p/base/pseudotcp.cc
@@ -910,10 +910,14 @@ bool PseudoTcp::process(Segment& seg) {
     } else {
       uint32_t nOffset = seg.seq - m_rcv_nxt;
 
-      rtc::StreamResult result = m_rbuf.WriteOffset(seg.data, seg.len,
-                                                          nOffset, NULL);
+      rtc::StreamResult result =
+          m_rbuf.WriteOffset(seg.data, seg.len, nOffset, NULL);
+      if (result == rtc::SR_BLOCK) {
+        // Ignore incoming packets outside of the receive window.
+        return false;
+      }
+
       RTC_DCHECK(result == rtc::SR_SUCCESS);
-      RTC_UNUSED(result);
 
       if (seg.seq == m_rcv_nxt) {
         m_rbuf.ConsumeWriteBuffer(seg.len);