From 1fee4fd2df83de6b452178491c1ddbe3606f1f67 Mon Sep 17 00:00:00 2001 From: Tatsuhiro Tsujikawa Date: Wed, 26 Feb 2014 23:20:52 +0900 Subject: [PATCH] nghttp2_hd: Fail inflate immediately if ctx.bad is nonzero Doing inflation after error produces invalid results, especially, if it is in NGHTTP2_HD_STATE_READ_INDEX, the inflater->left could be 0, which causes assertion error. Add sanity assertion for index --- lib/nghttp2_hd.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lib/nghttp2_hd.c b/lib/nghttp2_hd.c index a6477471..b2ee53dd 100644 --- a/lib/nghttp2_hd.c +++ b/lib/nghttp2_hd.c @@ -1390,6 +1390,10 @@ ssize_t nghttp2_hd_inflate_hd(nghttp2_hd_inflater *inflater, uint8_t *last = in + inlen; int rfin = 0; + if(inflater->ctx.bad) { + return NGHTTP2_ERR_HEADER_COMP; + } + DEBUGF(fprintf(stderr, "nghtp2_hd_infalte_hd start state=%d\n", inflater->state)); hd_inflate_keep_free(inflater); @@ -1487,6 +1491,7 @@ ssize_t nghttp2_hd_inflate_hd(nghttp2_hd_inflater *inflater, } } else { inflater->index = inflater->left; + assert(inflater->index > 0); --inflater->index; inflater->ent_name = nghttp2_hd_table_get(&inflater->ctx, inflater->index);