-rw-r--r--src/core/transport/chttp2/hpack_parser.c22
-rw-r--r--test/core/bad_client/tests/headers.c6
-rw-r--r--test/core/surface/completion_queue_test.c14
3 files changed, 33 insertions, 9 deletions
diff --git a/src/core/transport/chttp2/hpack_parser.c b/src/core/transport/chttp2/hpack_parser.c
index e5453000ec..30f0d469e3 100644
--- a/src/core/transport/chttp2/hpack_parser.c
+++ b/src/core/transport/chttp2/hpack_parser.c
@@ -1418,15 +1418,19 @@ grpc_chttp2_parse_error grpc_chttp2_header_parser_parse(
GPR_TIMER_END("grpc_chttp2_hpack_parser_parse", 0);
return GRPC_CHTTP2_CONNECTION_ERROR;
}
- if (parser->is_boundary) {
- stream_parsing
- ->got_metadata_on_parse[stream_parsing->header_frames_received] = 1;
- stream_parsing->header_frames_received++;
- grpc_chttp2_list_add_parsing_seen_stream(transport_parsing,
- stream_parsing);
- }
- if (parser->is_eof) {
- stream_parsing->received_close = 1;
+ /* need to check for null stream: this can occur if we receive an invalid
+ stream id on a header */
+ if (stream_parsing != NULL) {
+ if (parser->is_boundary) {
+ stream_parsing
+ ->got_metadata_on_parse[stream_parsing->header_frames_received] = 1;
+ stream_parsing->header_frames_received++;
+ grpc_chttp2_list_add_parsing_seen_stream(transport_parsing,
+ stream_parsing);
+ }
+ if (parser->is_eof) {
+ stream_parsing->received_close = 1;
+ }
}
parser->on_header = on_header_not_set;
parser->on_header_user_data = NULL;
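Review bot: The write to `got_metadata_on_parse[stream_parsing->header_frames_received]` inside the new `stream_parsing != NULL` block is indexed by a counter that the peer advances with every header boundary, and no bound check is visible in this hunk. The array's declaration is outside the hunk, so the limit may already be enforced elsewhere. If it is not, add a guard ahead of the write, `if (stream_parsing->header_frames_received == GPR_ARRAY_SIZE(stream_parsing->got_metadata_on_parse))`, that ends the timer and returns `GRPC_CHTTP2_CONNECTION_ERROR` like the branch above. The new comment could also state that only the per-stream bookkeeping is skipped for a NULL stream, while the `on_header` reset below still runs. The body of grpc_chttp2_header_parser_parse starts and ends outside the hunk.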
diff --git a/test/core/bad_client/tests/headers.c b/test/core/bad_client/tests/headers.c
index 1d18a8241a..c16bfd623b 100644
--- a/test/core/bad_client/tests/headers.c
+++ b/test/core/bad_client/tests/headers.c
@@ -195,5 +195,11 @@ int main(int argc, char **argv) {
"\x00\x00\x00\x09\x04\x00\x00\x00\x01",
0);
+ /* an invalid header found with fuzzing */
+ GRPC_RUN_BAD_CLIENT_TEST(verifier,
+ PFX_STR
+ "\x00\x00\x00\x01\x39\x67\xed\x1d\x64",
+ GRPC_BAD_CLIENT_DISCONNECT);
+
return 0;
}
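Review bot: The comment `/* an invalid header found with fuzzing */` does not say what is invalid about the frame, so the regression is hard to trace back to the parser fix. Decoding the nine bytes gives a zero-length HEADERS frame (type 0x01) with flags 0x39 on stream id 0x67ed1d64, which is an even id; this is presumably the invalid stream id that leaves the parser with a NULL stream. A comment along the lines of `/* zero-length HEADERS, flags 0x39, even stream id 0x67ed1d64: no stream is created, parser must not dereference it */` would record that. main's body starts outside the hunk.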
diff --git a/test/core/surface/completion_queue_test.c b/test/core/surface/completion_queue_test.c
index e3fc789788..7a5cf30506 100644
--- a/test/core/surface/completion_queue_test.c
+++ b/test/core/surface/completion_queue_test.c
@@ -175,6 +175,19 @@ static void test_pluck(void) {
grpc_exec_ctx_finish(&exec_ctx);
}
+static void test_pluck_after_shutdown(void) {
+ grpc_event ev;
+ grpc_completion_queue *cc;
+
+ LOG_TEST("test_pluck_after_shutdown");
+ cc = grpc_completion_queue_create(NULL);
+ grpc_completion_queue_shutdown(cc);
+ ev = grpc_completion_queue_pluck(cc, NULL, gpr_inf_future(GPR_CLOCK_REALTIME),
+ NULL);
+ GPR_ASSERT(ev.type == GRPC_QUEUE_SHUTDOWN);
+ grpc_completion_queue_destroy(cc);
+}
+
#define TEST_THREAD_EVENTS 10000
typedef struct test_thread_options {
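Review bot: The pluck in test_pluck_after_shutdown waits with `gpr_inf_future(GPR_CLOCK_REALTIME)`, so if the shutdown behaviour regresses the test hangs until the harness kills it instead of failing at the `GPR_ASSERT`. A finite deadline of a few seconds would turn that regression into a `GRPC_QUEUE_TIMEOUT` event and an immediate assertion failure. The function also has no comment; a one-line header such as `/* pluck on an already shut down queue must return GRPC_QUEUE_SHUTDOWN rather than block */` would state the contract being pinned.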
@@ -343,6 +356,7 @@ int main(int argc, char **argv) {
test_shutdown_then_next_with_timeout();
test_cq_end_op();
test_pluck();
+ test_pluck_after_shutdown();
test_threading(1, 1);
test_threading(1, 10);
test_threading(10, 1);