From 42c5b75cac88401bd02157588643285796e2af8a Mon Sep 17 00:00:00 2001
From: Amaury Denoyelle
Date: Tue, 25 Apr 2023 16:39:32 +0200
Subject: [PATCH] MINOR: mux-quic: do not set buffer for empty STREAM frame

Previous patch fixes an issue occurring with empty STREAM frames without payload. The crash was hidden in part because buf/data fields of qf_stream were set even if no payload is referenced. This was not the true cause of the crash but to ease future debugging, a STREAM frame built with no payload now has its buf and data fields set to NULL.

This should be backported up to 2.6.
---
 src/mux_quic.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/src/mux_quic.c b/src/mux_quic.c
index 64b3751..f4306e9 100644
--- a/src/mux_quic.c
+++ b/src/mux_quic.c
@@ -1530,11 +1530,19 @@ static int qcs_build_stream_frm(struct qcs *qcs, struct buffer *out, char fin,
 frm->stream.stream = qcs->stream;
 frm->stream.id = qcs->id;
- frm->stream.buf = out;
- frm->stream.data = (unsigned char *)b_peek(out, head);
 frm->stream.offset.key = 0;
 frm->stream.dup = 0;
+ if (total) {
+ frm->stream.buf = out;
+ frm->stream.data = (unsigned char *)b_peek(out, head);
+ }
+ else {
+ /* Empty STREAM frame. */
+ frm->stream.buf = NULL;
+ frm->stream.data = NULL;
+ }
+
 /* FIN is positioned only when the buffer has been totally emptied. */
 if (fin)
 frm->type |= QUIC_STREAM_FRAME_TYPE_FIN_BIT;
@@ -1544,6 +1552,9 @@ static int qcs_build_stream_frm(struct qcs *qcs, struct buffer *out, char fin,
 frm->stream.offset.key = qcs->tx.sent_offset;
 }
+ /* Always set length bit as we do not know if there is remaining frames
+ * in the final packet after this STREAM.
+ */
 frm->type |= QUIC_STREAM_FRAME_TYPE_LEN_BIT;
 frm->stream.len = total;
-- 
1.7.10.4
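Review bot: The new else branch leaves `frm->stream.buf` and `frm->stream.data` NULL whenever `total` is zero, which turns any downstream read of `stream.data` that does not first check `stream.len` from a harmless read of an unused pointer into a NULL dereference; since the commit message frames this as a debugging aid, that contract should be stated where it is established. I would expand the one-line comment to `/* Empty STREAM frame: no payload is referenced, buf/data stay NULL and readers must check len first. */`, and the same invariant presumably belongs on the qf_stream definition, which is outside this diff. The non-empty branch still calls `b_peek(out, head)` without checking `out`, so a non-NULL `out` is assumed whenever `total` is non-zero; nothing in the hunk establishes that, so it is presumably guaranteed by the caller. qcs_build_stream_frm's body starts before this hunk and continues after it.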
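Review bot: The comment added in the second hunk has a grammar slip: `there is remaining frames` should read `there are remaining frames`, i.e. `/* Always set length bit as we do not know if there are remaining frames`. The enclosing function continues outside this hunk.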