diff options
| author |  Craig Tiller <ctiller@google.com> | 2015-12-08 08:30:39 -0800 |
|---|---|---|
| committer | Craig Tiller <ctiller@google.com> | 2015-12-08 08:30:39 -0800 |
| commit | c3218147de0cc8109804f8959d7bfa6eac44b6ef (patch) | |
| tree | 1ffd77cea7d85315857564447ab63b99504ea3d2 /src/core/transport | |
| parent | 8f3a2406f2f37aaeaa61438361b7d4594fe2e3ab (diff) | |
Fix fuzzing detected crash
Diffstat (limited to 'src/core/transport')
| -rw-r--r-- | src/core/transport/chttp2/hpack_parser.c | 22 |
1 files changed, 13 insertions, 9 deletions
diff --git a/src/core/transport/chttp2/hpack_parser.c b/src/core/transport/chttp2/hpack_parser.c index e5453000ec..30f0d469e3 100644 --- a/src/core/transport/chttp2/hpack_parser.c +++ b/src/core/transport/chttp2/hpack_parser.c @@ -1418,15 +1418,19 @@ grpc_chttp2_parse_error grpc_chttp2_header_parser_parse( GPR_TIMER_END("grpc_chttp2_hpack_parser_parse", 0); return GRPC_CHTTP2_CONNECTION_ERROR; } - if (parser->is_boundary) { - stream_parsing - ->got_metadata_on_parse[stream_parsing->header_frames_received] = 1; - stream_parsing->header_frames_received++; - grpc_chttp2_list_add_parsing_seen_stream(transport_parsing, - stream_parsing); - } - if (parser->is_eof) { - stream_parsing->received_close = 1; + /* need to check for null stream: this can occur if we receive an invalid + stream id on a header */ + if (stream_parsing != NULL) { + if (parser->is_boundary) { + stream_parsing + ->got_metadata_on_parse[stream_parsing->header_frames_received] = 1; + stream_parsing->header_frames_received++; + grpc_chttp2_list_add_parsing_seen_stream(transport_parsing, + stream_parsing); + } + if (parser->is_eof) { + stream_parsing->received_close = 1; + } } parser->on_header = on_header_not_set; parser->on_header_user_data = NULL; |