
Fix for Kestrel's ParseHeaders throwing ArgumentOutOfRange exception (#61316)

WereWind1 10 kuukautta sitten
vanhempi
sitoutus
7ced4d6df6

+ 1 - 1
src/Servers/Kestrel/Core/src/Internal/Http/HttpParser.cs

@@ -250,7 +250,7 @@ public class HttpParser<TRequestHandler> : IHttpParser<TRequestHandler> where TR
                         else
                         {
                             // Include the thing after the CR in the rejection exception.
-                            var stopIndex = crIndex + 2;
+                            var stopIndex = Math.Min(crIndex + 2, span.Length);
                             RejectRequestHeader(span[..stopIndex]);
                         }
                     }
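Review bot: The comment above `stopIndex` still says the byte after the CR is included, but with the clamp to `span.Length` that no longer holds when the CR is the last byte of `span`. I would reword it to `// Include the byte after the CR in the rejection exception, if the span has one.` so the reason for `Math.Min` is visible at the call site. The bytes reaching this slice are request header data, so the length assumption is worth stating explicitly. The rest of ParseHeaders lies outside the hunk, so whether other slices in it make the same assumption cannot be judged from here.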

+ 21 - 0
src/Servers/Kestrel/Core/test/HttpParserTests.cs

@@ -795,6 +795,27 @@ public class HttpParserTests : LoggedTest
         Assert.Equal(StatusCodes.Status400BadRequest, exception.StatusCode);
     }
 
+    [Fact]
+    public void ParseMultispanHeaderWithCrAtSpanEnd()
+    {
+        var parser = CreateParser(CreateEnabledTrace(), false);
+
+        var buffer = ReadOnlySequenceFactory.CreateSegments(
+            Encoding.ASCII.GetBytes("Head\r"),
+            Encoding.ASCII.GetBytes("va\r"));
+        var requestHandler = new RequestHandler();
+
+        var reader = new SequenceReader<byte>(buffer);
+
+#pragma warning disable CS0618 // Type or member is obsolete
+        var exception = Assert.Throws<BadHttpRequestException>(() =>
+#pragma warning restore CS0618 // Type or member is obsolete
+        {
+            var reader = new SequenceReader<byte>(buffer);
+            parser.ParseHeaders(requestHandler, ref reader);
+        });
+    }
+
     private bool ParseRequestLine(IHttpParser<RequestHandler> parser, RequestHandler requestHandler, ReadOnlySequence<byte> readableBuffer, out SequencePosition consumed, out SequencePosition examined)
     {
         var reader = new SequenceReader<byte>(readableBuffer);
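Review bot: In ParseMultispanHeaderWithCrAtSpanEnd only the exception type is asserted, so `exception` is assigned but never used and the status code goes unchecked. The preceding test ends with `Assert.Equal(StatusCodes.Status400BadRequest, exception.StatusCode);`, and the same line here would pin that the split header is rejected as a 400 rather than merely throwing. The `reader` declared before the `#pragma` is also dead code: the lambda builds its own `reader`, which shadows the outer one, so the outer declaration can be removed.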