From 11229702a03626ca1463f9216d7511616711acc7 Mon Sep 17 00:00:00 2001
From: Yuchen Wu <yuchen@cloudflare.com>
Date: Wed, 23 Dec 2020 14:08:50 -0800
Subject: [PATCH] Return an error instead of panicking when stuck in a
 CONTINUATION loop

It is not rare a large header can trigger such a CONTINUATION loop.
While the stream cannot recover from this issue, returning an error
instead of panicking makes the impact radius under better control.
---
 src/codec/framed_write.rs | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/codec/framed_write.rs b/src/codec/framed_write.rs
index 4191e03..30888c6 100644
--- a/src/codec/framed_write.rs
+++ b/src/codec/framed_write.rs
@@ -148,6 +148,12 @@ where
             match self.encoder.unset_frame() {
                 ControlFlow::Continue => (),
                 ControlFlow::Break => break,
+                ControlFlow::EndlessLoopHeaderTooBig => {
+                    return Poll::Ready(Err(std::io::Error::new(
+                        std::io::ErrorKind::InvalidInput,
+                        UserError::HeaderTooBig,
+                    )));
+                }
             }
         }
 
@@ -193,6 +199,7 @@ where
 enum ControlFlow {
     Continue,
     Break,
+    EndlessLoopHeaderTooBig,
 }
 
 impl<B> Encoder<B>
@@ -222,7 +229,10 @@ where
                         // If *only* the CONTINUATION frame header was
                         // written, and *no* header fields, we're stuck
                         // in a loop...
-                        panic!("CONTINUATION frame write loop; header value too big to encode");
+                        tracing::warn!(
+                            "CONTINUATION frame write loop; header value too big to encode"
+                        );
+                        return ControlFlow::EndlessLoopHeaderTooBig;
                     }
 
                     self.next = Some(Next::Continuation(continuation));