dotnet
diff --git a/‎src/System.Net.Http/src/System/Net/Http/Managed/ChunkedEncodingReadStream.cs‎
Lines changed: 53 additions & 50 deletions b/‎src/System.Net.Http/src/System/Net/Http/Managed/ChunkedEncodingReadStream.cs‎
Lines changed: 53 additions & 50 deletions
diff --git a/‎src/System.Net.Http/src/System/Net/Http/Managed/HttpConnection.cs‎
Lines changed: 15 additions & 5 deletions b/‎src/System.Net.Http/src/System/Net/Http/Managed/HttpConnection.cs‎
Lines changed: 15 additions & 5 deletions
@@ -2,6 +2,7 @@
 // The .NET Foundation licenses this file to you under the MIT license.
 // See the LICENSE file in the project root for more information.
 
+using System.Buffers.Text;
 using System.Diagnostics;
 using System.IO;
 using System.Threading;
@@ -13,81 +14,83 @@ internal sealed partial class HttpConnection
     {
         private sealed class ChunkedEncodingReadStream : HttpContentReadStream
         {
+            /// <summary>How long a chunk indicator is allowed to be.</summary>
+            /// <remarks>
+            /// While most chunks indicators will contain no more than ulong.MaxValue.ToString("X").Length characters,
+            /// "chunk extensions" are allowed. We place a limit on how long a line can be to avoid OOM issues if an
+            /// infinite chunk length is sent.  This value is arbitrary and can be changed as needed.
+            /// </remarks>
+            private const int MaxChunkBytesAllowed = 16*1024;
+            /// <summary>How long a trailing header can be.  This value is arbitrary and can be changed as needed.</summary>
+            private const int MaxTrailingHeaderLength = 16*1024;
+            /// <summary>The number of bytes remaining in the chunk.</summary>
             private ulong _chunkBytesRemaining;
 
-            public ChunkedEncodingReadStream(HttpConnection connection)
-                : base(connection)
+            public ChunkedEncodingReadStream(HttpConnection connection) : base(connection)
             {
-                _chunkBytesRemaining = 0;
             }
 
-            private async Task<bool> TryGetNextChunk(CancellationToken cancellationToken)
+            private async Task<bool> TryGetNextChunkAsync(CancellationToken cancellationToken)
             {
                 Debug.Assert(_chunkBytesRemaining == 0);
 
-                // Start of chunk, read chunk size.
-                ulong chunkSize = ParseHexSize(await _connection.ReadNextLineAsync(cancellationToken).ConfigureAwait(false));
-                _chunkBytesRemaining = chunkSize;
-
-                if (chunkSize > 0)
-                {
-                    return true;
-                }
-
-                // We received a chunk size of 0, which indicates end of response body. 
-                // Read and discard any trailing headers, until we see an empty line.
-                while (!LineIsEmpty(await _connection.ReadNextLineAsync(cancellationToken).ConfigureAwait(false)))
-                    ;
+                // Read the start of the chunk line.
+                _connection._allowedReadLineBytes = MaxChunkBytesAllowed;
+                ArraySegment<byte> line = await _connection.ReadNextLineAsync(cancellationToken).ConfigureAwait(false);
 
-                _connection.ReturnConnectionToPool();
-                _connection = null;
-                return false;
-            }
-
-            private ulong ParseHexSize(ArraySegment<byte> line)
-            {
-                if (line.Count == 0)
+                // Parse the hex value.
+                if (!Utf8Parser.TryParse(line.AsReadOnlySpan(), out ulong chunkSize, out int bytesConsumed, 'X'))
                 {
                     throw new IOException(SR.net_http_invalid_response);
                 }
-
-                ulong size = 0;
-                try
+                else if (bytesConsumed != line.Count)
                 {
-                    for (int i = 0; i < line.Count; i++)
+                    // There was data after the chunk size, presumably a "chunk extension".
+                    // Allow tabs and spaces and then stop validating once we get to an extension.
+                    int offset = line.Offset + bytesConsumed, end = line.Count - bytesConsumed + line.Offset;
+                    for (int i = offset; i < end; i++)
                     {
-                        char c = (char)line[i];
-                        if ((uint)(c - '0') <= '9' - '0')
-                        {
-                            size = checked(size * 16 + ((ulong)c - '0'));
-                        }
-                        else if ((uint)(c - 'a') <= ('f' - 'a'))
+                        char c = (char)line.Array[i];
+                        if (c == ';')
                         {
-                            size = checked(size * 16 + ((ulong)c - 'a' + 10));
+                            break;
                         }
-                        else if ((uint)(c - 'A') <= ('F' - 'A'))
-                        {
-                            size = checked(size * 16 + ((ulong)c - 'A' + 10));
-                        }
-                        else
+                        else if (c != ' ' && c != '\t') // not called out in the RFC, but WinHTTP allows it
                         {
                             throw new IOException(SR.net_http_invalid_response);
                         }
                     }
                 }
-                catch (OverflowException e)
+
+                _chunkBytesRemaining = chunkSize;
+                if (chunkSize > 0)
                 {
-                    throw new IOException(SR.net_http_invalid_response, e);
+                    return true;
                 }
-                return size;
+
+                // We received a chunk size of 0, which indicates end of response body. 
+                // Read and discard any trailing headers, until we see an empty line.
+                while (true)
+                {
+                    _connection._allowedReadLineBytes = MaxTrailingHeaderLength;
+                    if (LineIsEmpty(await _connection.ReadNextLineAsync(cancellationToken).ConfigureAwait(false)))
+                    {
+                        break;
+                    }
+                }
+
+                _connection.ReturnConnectionToPool();
+                _connection = null;
+                return false;
             }
 
-            private async Task ConsumeChunkBytes(ulong bytesConsumed, CancellationToken cancellationToken)
+            private async Task ConsumeChunkBytesAsync(ulong bytesConsumed, CancellationToken cancellationToken)
             {
                 Debug.Assert(bytesConsumed <= _chunkBytesRemaining);
                 _chunkBytesRemaining -= bytesConsumed;
                 if (_chunkBytesRemaining == 0)
                 {
+                    _connection._allowedReadLineBytes = 2; // \r\n
                     if (!LineIsEmpty(await _connection.ReadNextLineAsync(cancellationToken).ConfigureAwait(false)))
                     {
                         ThrowInvalidHttpResponse();
@@ -111,7 +114,7 @@ public override async ValueTask<int> ReadAsync(Memory<byte> destination, Cancell
 
                 if (_chunkBytesRemaining == 0)
                 {
-                    if (!await TryGetNextChunk(cancellationToken).ConfigureAwait(false))
+                    if (!await TryGetNextChunkAsync(cancellationToken).ConfigureAwait(false))
                     {
                         // End of response body
                         return 0;
@@ -131,7 +134,7 @@ public override async ValueTask<int> ReadAsync(Memory<byte> destination, Cancell
                     throw new IOException(SR.net_http_invalid_response);
                 }
 
-                await ConsumeChunkBytes((ulong)bytesRead, cancellationToken).ConfigureAwait(false);
+                await ConsumeChunkBytesAsync((ulong)bytesRead, cancellationToken).ConfigureAwait(false);
 
                 return bytesRead;
             }
@@ -152,13 +155,13 @@ public override async Task CopyToAsync(Stream destination, int bufferSize, Cance
                 if (_chunkBytesRemaining > 0)
                 {
                     await _connection.CopyToAsync(destination, _chunkBytesRemaining, cancellationToken).ConfigureAwait(false);
-                    await ConsumeChunkBytes(_chunkBytesRemaining, cancellationToken).ConfigureAwait(false);
+                    await ConsumeChunkBytesAsync(_chunkBytesRemaining, cancellationToken).ConfigureAwait(false);
                 }
 
-                while (await TryGetNextChunk(cancellationToken).ConfigureAwait(false))
+                while (await TryGetNextChunkAsync(cancellationToken).ConfigureAwait(false))
                 {
                     await _connection.CopyToAsync(destination, _chunkBytesRemaining, cancellationToken).ConfigureAwait(false);
-                    await ConsumeChunkBytes(_chunkBytesRemaining, cancellationToken).ConfigureAwait(false);
+                    await ConsumeChunkBytesAsync(_chunkBytesRemaining, cancellationToken).ConfigureAwait(false);
                 }
             }
         }
 
@@ -56,6 +56,7 @@ internal sealed partial class HttpConnection : IDisposable
         private readonly byte[] _writeBuffer;
         private int _writeOffset;
         private Exception _pendingException;
+        private int _allowedReadLineBytes;
 
         private Task<int> _readAheadTask;
         private byte[] _readBuffer;
@@ -226,7 +227,7 @@ public async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, Can
 
                 await WriteStringAsync(request.RequestUri.PathAndQuery, cancellationToken).ConfigureAwait(false);
 
-                // fall-back to 1.1 for all versions other than 1.0
+                // Fall back to 1.1 for all versions other than 1.0
                 Debug.Assert(request.Version.Major >= 0 && request.Version.Minor >= 0); // guaranteed by Version class
                 bool isHttp10 = request.Version.Minor == 0 && request.Version.Major == 1;
                 await WriteBytesAsync(isHttp10 ? s_spaceHttp10NewlineAsciiBytes : s_spaceHttp11NewlineAsciiBytes,
@@ -313,6 +314,7 @@ await WriteBytesAsync(isHttp10 ? s_spaceHttp10NewlineAsciiBytes : s_spaceHttp11N
                 }
 
                 // Start to read response.
+                _allowedReadLineBytes = _pool.Pools.Settings._maxResponseHeadersLength * 1024;
 
                 // We should not have any buffered data here; if there was, it should have been treated as an error
                 // by the previous request handling.  (Note we do not support HTTP pipelining.)
@@ -378,6 +380,7 @@ await WriteBytesAsync(isHttp10 ? s_spaceHttp10NewlineAsciiBytes : s_spaceHttp11N
                             {
                                 ThrowInvalidHttpResponse();
                             }
+
                             ParseStatusLine(await ReadNextLineAsync(cancellationToken).ConfigureAwait(false), response);
                         }
                     }
@@ -474,10 +477,7 @@ await WriteBytesAsync(isHttp10 ? s_spaceHttp10NewlineAsciiBytes : s_spaceHttp11N
             }
         }
 
-        private static bool LineIsEmpty(ArraySegment<byte> line)
-        {
-            return line.Count == 0;
-        }
+        private static bool LineIsEmpty(ArraySegment<byte> line) => line.Count == 0;
 
         private async Task SendRequestContentAsync(HttpRequestMessage request, HttpContentWriteStream stream)
         {
@@ -896,6 +896,11 @@ private async ValueTask<ArraySegment<byte>> ReadNextLineAsync(CancellationToken
                     }
 
                     // Advance read position past the LF
+                    _allowedReadLineBytes -= lfIndex + 1 - scanOffset;
+                    if (_allowedReadLineBytes < 0)
+                    {
+                        ThrowInvalidHttpResponse();
+                    }
                     _readOffset = lfIndex + 1;
 
                     return new ArraySegment<byte>(_readBuffer, startIndex, length);
@@ -904,6 +909,11 @@ private async ValueTask<ArraySegment<byte>> ReadNextLineAsync(CancellationToken
                 // Couldn't find LF.  Read more.
                 // Note this may cause _readOffset to change.
                 previouslyScannedBytes = _readLength - _readOffset;
+                _allowedReadLineBytes -= _readLength - scanOffset;
+                if (_allowedReadLineBytes < 0)
+                {
+                    ThrowInvalidHttpResponse();
+                }
                 await FillAsync(cancellationToken).ConfigureAwait(false);
             }
         }
Original file line number	Diff line number	Diff line change
`@@ -2,6 +2,7 @@`
`2`	`2`	`// The .NET Foundation licenses this file to you under the MIT license.`
`3`	`3`	`// See the LICENSE file in the project root for more information.`
`4`	`4`
	`5`	`+using System.Buffers.Text;`
`5`	`6`	`using System.Diagnostics;`
`6`	`7`	`using System.IO;`
`7`	`8`	`using System.Threading;`
`@@ -13,81 +14,83 @@ internal sealed partial class HttpConnection`
`13`	`14`	`{`
`14`	`15`	`private sealed class ChunkedEncodingReadStream : HttpContentReadStream`
`15`	`16`	`{`
	`17`	`+ /// <summary>How long a chunk indicator is allowed to be.</summary>`
	`18`	`+ /// <remarks>`
	`19`	`+ /// While most chunks indicators will contain no more than ulong.MaxValue.ToString("X").Length characters,`
	`20`	`+ /// "chunk extensions" are allowed. We place a limit on how long a line can be to avoid OOM issues if an`
	`21`	`+ /// infinite chunk length is sent. This value is arbitrary and can be changed as needed.`
	`22`	`+ /// </remarks>`
	`23`	`+ private const int MaxChunkBytesAllowed = 16*1024;`
	`24`	`+ /// <summary>How long a trailing header can be. This value is arbitrary and can be changed as needed.</summary>`
	`25`	`+ private const int MaxTrailingHeaderLength = 16*1024;`
	`26`	`+ /// <summary>The number of bytes remaining in the chunk.</summary>`
`16`	`27`	`private ulong _chunkBytesRemaining;`
`17`	`28`
`18`		`- public ChunkedEncodingReadStream(HttpConnection connection)`
`19`		`- : base(connection)`
	`29`	`+ public ChunkedEncodingReadStream(HttpConnection connection) : base(connection)`
`20`	`30`	`{`
`21`		`- _chunkBytesRemaining = 0;`
`22`	`31`	`}`
`23`	`32`
`24`		`- private async Task<bool> TryGetNextChunk(CancellationToken cancellationToken)`
	`33`	`+ private async Task<bool> TryGetNextChunkAsync(CancellationToken cancellationToken)`
`25`	`34`	`{`
`26`	`35`	`Debug.Assert(_chunkBytesRemaining == 0);`
`27`	`36`
`28`		`- // Start of chunk, read chunk size.`
`29`		`- ulong chunkSize = ParseHexSize(await _connection.ReadNextLineAsync(cancellationToken).ConfigureAwait(false));`
`30`		`- _chunkBytesRemaining = chunkSize;`
`31`		`-`
`32`		`- if (chunkSize > 0)`
`33`		`- {`
`34`		`- return true;`
`35`		`- }`
`36`		`-`
`37`		`- // We received a chunk size of 0, which indicates end of response body.`
`38`		`- // Read and discard any trailing headers, until we see an empty line.`
`39`		`- while (!LineIsEmpty(await _connection.ReadNextLineAsync(cancellationToken).ConfigureAwait(false)))`
`40`		`- ;`
	`37`	`+ // Read the start of the chunk line.`
	`38`	`+ _connection._allowedReadLineBytes = MaxChunkBytesAllowed;`
	`39`	`+ ArraySegment<byte> line = await _connection.ReadNextLineAsync(cancellationToken).ConfigureAwait(false);`
`41`	`40`
`42`		`- _connection.ReturnConnectionToPool();`
`43`		`- _connection = null;`
`44`		`- return false;`
`45`		`- }`
`46`		`-`
`47`		`- private ulong ParseHexSize(ArraySegment<byte> line)`
`48`		`- {`
`49`		`- if (line.Count == 0)`
	`41`	`+ // Parse the hex value.`
	`42`	`+ if (!Utf8Parser.TryParse(line.AsReadOnlySpan(), out ulong chunkSize, out int bytesConsumed, 'X'))`
`50`	`43`	`{`
`51`	`44`	`throw new IOException(SR.net_http_invalid_response);`
`52`	`45`	`}`
`53`		`-`
`54`		`- ulong size = 0;`
`55`		`- try`
	`46`	`+ else if (bytesConsumed != line.Count)`
`56`	`47`	`{`
`57`		`- for (int i = 0; i < line.Count; i++)`
	`48`	`+ // There was data after the chunk size, presumably a "chunk extension".`
	`49`	`+ // Allow tabs and spaces and then stop validating once we get to an extension.`
	`50`	`+ int offset = line.Offset + bytesConsumed, end = line.Count - bytesConsumed + line.Offset;`
	`51`	`+ for (int i = offset; i < end; i++)`
`58`	`52`	`{`
`59`		`- char c = (char)line[i];`
`60`		`- if ((uint)(c - '0') <= '9' - '0')`
`61`		`- {`
`62`		`- size = checked(size * 16 + ((ulong)c - '0'));`
`63`		`- }`
`64`		`- else if ((uint)(c - 'a') <= ('f' - 'a'))`
	`53`	`+ char c = (char)line.Array[i];`
	`54`	`+ if (c == ';')`
`65`	`55`	`{`
`66`		`- size = checked(size * 16 + ((ulong)c - 'a' + 10));`
	`56`	`+ break;`
`67`	`57`	`}`
`68`		`- else if ((uint)(c - 'A') <= ('F' - 'A'))`
`69`		`- {`
`70`		`- size = checked(size * 16 + ((ulong)c - 'A' + 10));`
`71`		`- }`
`72`		`- else`
	`58`	`+ else if (c != ' ' && c != '\t') // not called out in the RFC, but WinHTTP allows it`
`73`	`59`	`{`
`74`	`60`	`throw new IOException(SR.net_http_invalid_response);`
`75`	`61`	`}`
`76`	`62`	`}`
`77`	`63`	`}`
`78`		`- catch (OverflowException e)`
	`64`	`+`
	`65`	`+ _chunkBytesRemaining = chunkSize;`
	`66`	`+ if (chunkSize > 0)`
`79`	`67`	`{`
`80`		`- throw new IOException(SR.net_http_invalid_response, e);`
	`68`	`+ return true;`
`81`	`69`	`}`
`82`		`- return size;`
	`70`	`+`
	`71`	`+ // We received a chunk size of 0, which indicates end of response body.`
	`72`	`+ // Read and discard any trailing headers, until we see an empty line.`
	`73`	`+ while (true)`
	`74`	`+ {`
	`75`	`+ _connection._allowedReadLineBytes = MaxTrailingHeaderLength;`
	`76`	`+ if (LineIsEmpty(await _connection.ReadNextLineAsync(cancellationToken).ConfigureAwait(false)))`
	`77`	`+ {`
	`78`	`+ break;`
	`79`	`+ }`
	`80`	`+ }`
	`81`	`+`
	`82`	`+ _connection.ReturnConnectionToPool();`
	`83`	`+ _connection = null;`
	`84`	`+ return false;`
`83`	`85`	`}`
`84`	`86`
`85`		`- private async Task ConsumeChunkBytes(ulong bytesConsumed, CancellationToken cancellationToken)`
	`87`	`+ private async Task ConsumeChunkBytesAsync(ulong bytesConsumed, CancellationToken cancellationToken)`
`86`	`88`	`{`
`87`	`89`	`Debug.Assert(bytesConsumed <= _chunkBytesRemaining);`
`88`	`90`	`_chunkBytesRemaining -= bytesConsumed;`
`89`	`91`	`if (_chunkBytesRemaining == 0)`
`90`	`92`	`{`
	`93`	`+ _connection._allowedReadLineBytes = 2; // \r\n`
`91`	`94`	`if (!LineIsEmpty(await _connection.ReadNextLineAsync(cancellationToken).ConfigureAwait(false)))`
`92`	`95`	`{`
`93`	`96`	`ThrowInvalidHttpResponse();`
`@@ -111,7 +114,7 @@ public override async ValueTask<int> ReadAsync(Memory<byte> destination, Cancell`
`111`	`114`
`112`	`115`	`if (_chunkBytesRemaining == 0)`
`113`	`116`	`{`
`114`		`- if (!await TryGetNextChunk(cancellationToken).ConfigureAwait(false))`
	`117`	`+ if (!await TryGetNextChunkAsync(cancellationToken).ConfigureAwait(false))`
`115`	`118`	`{`
`116`	`119`	`// End of response body`
`117`	`120`	`return 0;`
`@@ -131,7 +134,7 @@ public override async ValueTask<int> ReadAsync(Memory<byte> destination, Cancell`
`131`	`134`	`throw new IOException(SR.net_http_invalid_response);`
`132`	`135`	`}`
`133`	`136`
`134`		`- await ConsumeChunkBytes((ulong)bytesRead, cancellationToken).ConfigureAwait(false);`
	`137`	`+ await ConsumeChunkBytesAsync((ulong)bytesRead, cancellationToken).ConfigureAwait(false);`
`135`	`138`
`136`	`139`	`return bytesRead;`
`137`	`140`	`}`
`@@ -152,13 +155,13 @@ public override async Task CopyToAsync(Stream destination, int bufferSize, Cance`
`152`	`155`	`if (_chunkBytesRemaining > 0)`
`153`	`156`	`{`
`154`	`157`	`await _connection.CopyToAsync(destination, _chunkBytesRemaining, cancellationToken).ConfigureAwait(false);`
`155`		`- await ConsumeChunkBytes(_chunkBytesRemaining, cancellationToken).ConfigureAwait(false);`
	`158`	`+ await ConsumeChunkBytesAsync(_chunkBytesRemaining, cancellationToken).ConfigureAwait(false);`
`156`	`159`	`}`
`157`	`160`
`158`		`- while (await TryGetNextChunk(cancellationToken).ConfigureAwait(false))`
	`161`	`+ while (await TryGetNextChunkAsync(cancellationToken).ConfigureAwait(false))`
`159`	`162`	`{`
`160`	`163`	`await _connection.CopyToAsync(destination, _chunkBytesRemaining, cancellationToken).ConfigureAwait(false);`
`161`		`- await ConsumeChunkBytes(_chunkBytesRemaining, cancellationToken).ConfigureAwait(false);`
	`164`	`+ await ConsumeChunkBytesAsync(_chunkBytesRemaining, cancellationToken).ConfigureAwait(false);`
`162`	`165`	`}`
`163`	`166`	`}`
`164`	`167`	`}`
Original file line number	Diff line number	Diff line change
`@@ -56,6 +56,7 @@ internal sealed partial class HttpConnection : IDisposable`
`56`	`56`	`private readonly byte[] _writeBuffer;`
`57`	`57`	`private int _writeOffset;`
`58`	`58`	`private Exception _pendingException;`
	`59`	`+ private int _allowedReadLineBytes;`
`59`	`60`
`60`	`61`	`private Task<int> _readAheadTask;`
`61`	`62`	`private byte[] _readBuffer;`
`@@ -226,7 +227,7 @@ public async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, Can`
`226`	`227`
`227`	`228`	`await WriteStringAsync(request.RequestUri.PathAndQuery, cancellationToken).ConfigureAwait(false);`
`228`	`229`
`229`		`- // fall-back to 1.1 for all versions other than 1.0`
	`230`	`+ // Fall back to 1.1 for all versions other than 1.0`
`230`	`231`	`Debug.Assert(request.Version.Major >= 0 && request.Version.Minor >= 0); // guaranteed by Version class`
`231`	`232`	`bool isHttp10 = request.Version.Minor == 0 && request.Version.Major == 1;`
`232`	`233`	`await WriteBytesAsync(isHttp10 ? s_spaceHttp10NewlineAsciiBytes : s_spaceHttp11NewlineAsciiBytes,`
`@@ -313,6 +314,7 @@ await WriteBytesAsync(isHttp10 ? s_spaceHttp10NewlineAsciiBytes : s_spaceHttp11N`
`313`	`314`	`}`
`314`	`315`
`315`	`316`	`// Start to read response.`
	`317`	`+ _allowedReadLineBytes = _pool.Pools.Settings._maxResponseHeadersLength * 1024;`
`316`	`318`
`317`	`319`	`// We should not have any buffered data here; if there was, it should have been treated as an error`
`318`	`320`	`// by the previous request handling. (Note we do not support HTTP pipelining.)`
`@@ -378,6 +380,7 @@ await WriteBytesAsync(isHttp10 ? s_spaceHttp10NewlineAsciiBytes : s_spaceHttp11N`
`378`	`380`	`{`
`379`	`381`	`ThrowInvalidHttpResponse();`
`380`	`382`	`}`
	`383`	`+`
`381`	`384`	`ParseStatusLine(await ReadNextLineAsync(cancellationToken).ConfigureAwait(false), response);`
`382`	`385`	`}`
`383`	`386`	`}`
`@@ -474,10 +477,7 @@ await WriteBytesAsync(isHttp10 ? s_spaceHttp10NewlineAsciiBytes : s_spaceHttp11N`
`474`	`477`	`}`
`475`	`478`	`}`
`476`	`479`
`477`		`- private static bool LineIsEmpty(ArraySegment<byte> line)`
`478`		`- {`
`479`		`- return line.Count == 0;`
`480`		`- }`
	`480`	`+ private static bool LineIsEmpty(ArraySegment<byte> line) => line.Count == 0;`
`481`	`481`
`482`	`482`	`private async Task SendRequestContentAsync(HttpRequestMessage request, HttpContentWriteStream stream)`
`483`	`483`	`{`
`@@ -896,6 +896,11 @@ private async ValueTask<ArraySegment<byte>> ReadNextLineAsync(CancellationToken`
`896`	`896`	`}`
`897`	`897`
`898`	`898`	`// Advance read position past the LF`
	`899`	`+ _allowedReadLineBytes -= lfIndex + 1 - scanOffset;`
	`900`	`+ if (_allowedReadLineBytes < 0)`
	`901`	`+ {`
	`902`	`+ ThrowInvalidHttpResponse();`
	`903`	`+ }`
`899`	`904`	`_readOffset = lfIndex + 1;`
`900`	`905`
`901`	`906`	`return new ArraySegment<byte>(_readBuffer, startIndex, length);`
`@@ -904,6 +909,11 @@ private async ValueTask<ArraySegment<byte>> ReadNextLineAsync(CancellationToken`
`904`	`909`	`// Couldn't find LF. Read more.`
`905`	`910`	`// Note this may cause _readOffset to change.`
`906`	`911`	`previouslyScannedBytes = _readLength - _readOffset;`
	`912`	`+ _allowedReadLineBytes -= _readLength - scanOffset;`
	`913`	`+ if (_allowedReadLineBytes < 0)`
	`914`	`+ {`
	`915`	`+ ThrowInvalidHttpResponse();`
	`916`	`+ }`
`907`	`917`	`await FillAsync(cancellationToken).ConfigureAwait(false);`
`908`	`918`	`}`
`909`	`919`	`}`