Add fudge factor in subscription sharding

Header lengths are not constant-size because Zcode escapes bytes 0xFF and 0x00
into two bytes. If we end up filling up close to all the space we have and
Z_SendFragmentedNotice then computes a header length larger than ours by
enough, the message gets fragmented.

Getting it fragmented is especially unfortunate because only the first of a
fragmented notice ever has a SERVACK survive. (They all get SERVACKs, but
libzephyr kindly drops all but the first on the floor.)

This isn't a watertight fix; we may get really really unlucky and blow up 13
bytes in the authenticator and checksum. But that's not likely, and a proper
fix would involve either computing based on the maximum possible authenticator
size (wasteful and hard to bound tightly) or changing to protocol to use a less
inappropriate encoding.

1 files changed, 5 insertions, 2 deletions

diff --git a/lib/ZSubs.c b/lib/ZSubs.c
index a3d0b78..e0d39ee 100644
--- a/lib/ZSubs.c
+++ b/lib/ZSubs.c
@@ -85,8 +85,11 @@ ZSubscriptions(register ZSubscription_t *sublist,
     char **list;
     char *recip;
     int hdrlen;
-    int size_avail = Z_MAXPKTLEN-Z_FRAGFUDGE; /* space avail for data,
-						 adjusted below */
+    /* Space available for data, adjusted below. Take off Z_FRAGFUDGE twice.
+       The first is to account for Z_SendFragmentedNotice's space. The second
+       to account for hdrlen not being constant. Zcode escapes bytes 0x00 and
+       0xFF, so some bytes are encoded as two bytes. */
+    int size_avail = Z_MAXPKTLEN-Z_FRAGFUDGE-Z_FRAGFUDGE;
     int size, start, numok;
 
     /* nitems = 0 means cancel all subscriptions; still need to allocate a */