Make some assertions nonfatal to help prevent bug23690 recurrence.

3 files changed, 16 insertions, 4 deletions

diff --git a/changes/bug23690_additional_032 b/changes/bug23690_additional_032
new file mode 100644
index 0000000000..218917dca9
--- /dev/null
+++ b/changes/bug23690_additional_032
@@ -0,0 +1,4 @@
+  o Minor features (robustness):
+    - Change several fatal assertions when flushing buffers into
+      non-fatal assertions, to prevent any recurrence of 23690.
+
diff --git a/src/common/buffers.c b/src/common/buffers.c
index e9e4487832..c45e13d551 100644
--- a/src/common/buffers.c
+++ b/src/common/buffers.c
@@ -648,8 +648,12 @@ buf_flush_to_socket(buf_t *buf, tor_socket_t s, size_t sz,
   size_t flushed = 0;
   tor_assert(buf_flushlen);
   tor_assert(SOCKET_OK(s));
-  tor_assert(*buf_flushlen <= buf->datalen);
-  tor_assert(sz <= *buf_flushlen);
+  if (BUG(*buf_flushlen > buf->datalen)) {
+    *buf_flushlen = buf->datalen;
+  }
+  if (BUG(sz > *buf_flushlen)) {
+    sz = *buf_flushlen;
+  }
 
   check();
   while (sz) {
diff --git a/src/common/buffers_tls.c b/src/common/buffers_tls.c
index 8dbd4bcc8e..041f78b818 100644
--- a/src/common/buffers_tls.c
+++ b/src/common/buffers_tls.c
@@ -142,8 +142,12 @@ buf_flush_to_tls(buf_t *buf, tor_tls_t *tls, size_t flushlen,
   size_t flushed = 0;
   ssize_t sz;
   tor_assert(buf_flushlen);
-  tor_assert(*buf_flushlen <= buf->datalen);
-  tor_assert(flushlen <= *buf_flushlen);
+  if (BUG(*buf_flushlen > buf->datalen)) {
+    *buf_flushlen = buf->datalen;
+  }
+  if (BUG(flushlen > *buf_flushlen)) {
+    flushlen = *buf_flushlen;
+  }
   sz = (ssize_t) flushlen;
 
   /* we want to let tls write even if flushlen is zero, because it might