Add tests and fixes for 2 corner case when reading chunked request body.

When (@partial_part_left <= 2) then (@partial_part_left - 3) is a negative number and it results in reading too much from the chunk variable into the body.

lib/puma/client.rb

@@ -145,7 +145,9 @@ module Puma
     def decode_chunk(chunk)
       if @partial_part_left > 0
         if @partial_part_left <= chunk.size
-          @body << chunk[0..(@partial_part_left-3)] # skip the \r\n
+          if @partial_part_left > 2
+            @body << chunk[0..(@partial_part_left-3)] # skip the \r\n
+          end
           chunk = chunk[@partial_part_left..-1]
           @partial_part_left = 0
         else

test/test_puma_server.rb

@@ -689,6 +689,51 @@ EOF
     assert_equal (part1 + 'b'), body
   end
 
+  def test_chunked_request_pause_between_closing_cr_lf
+    body = nil
+    @server.app = proc { |env|
+      body = env['rack.input'].read
+      [200, {}, [""]]
+    }
+
+    @server.add_tcp_listener @host, @port
+    @server.run
+
+    sock = TCPSocket.new @host, @server.connected_port
+    sock << "PUT /path HTTP/1.1\r\nConnection: close\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello\r"
+
+    sleep 1
+
+    sock << "\n0\r\n\r\n"
+
+    data = sock.read
+
+    assert_equal "HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Length: 0\r\n\r\n", data
+    assert_equal 'hello', body
+  end
+
+  def test_chunked_request_pause_before_closing_cr_lf
+    body = nil
+    @server.app = proc { |env|
+      body = env['rack.input'].read
+      [200, {}, [""]]
+    }
+
+    @server.add_tcp_listener @host, @port
+    @server.run
+
+    sock = TCPSocket.new @host, @server.connected_port
+    sock << "PUT /path HTTP/1.1\r\nConnection: close\r\nTransfer-Encoding: chunked\r\n\r\n5\r\nhello"
+
+    sleep 1
+
+    sock << "\r\n0\r\n\r\n"
+
+    data = sock.read
+
+    assert_equal "HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Length: 0\r\n\r\n", data
+    assert_equal 'hello', body
+  end
 
   def test_chunked_request_header_case
     body = nil