mirror of
https://github.com/moparisthebest/curl
synced 2025-01-12 06:28:04 -05:00
http2: handle on_begin_headers() called more than once
This triggered an assert if called more than once in debug mode (and a memory leak if not debug build). With the right sequence of HTTP/2 headers incoming it can happen. Detected by OSS-Fuzz Closes #2507 Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7764
This commit is contained in:
parent
8996300211
commit
6d3c9c8ab4
@ -870,16 +870,12 @@ static int on_begin_headers(nghttp2_session *session,
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* This is trailer HEADERS started. Allocate buffer for them. */
|
if(!stream->trailer_recvbuf) {
|
||||||
H2BUGF(infof(data_s, "trailer field started\n"));
|
|
||||||
|
|
||||||
DEBUGASSERT(stream->trailer_recvbuf == NULL);
|
|
||||||
|
|
||||||
stream->trailer_recvbuf = Curl_add_buffer_init();
|
stream->trailer_recvbuf = Curl_add_buffer_init();
|
||||||
if(!stream->trailer_recvbuf) {
|
if(!stream->trailer_recvbuf) {
|
||||||
return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE;
|
return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user