walkero
/
nghttp2
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

Fix crash when indexed repr index=0

This commit is contained in:
Tatsuhiro Tsujikawa 2014-05-01 09:06:54 +09:00
parent 3c431da6aa
commit 855f39743a
4 changed files with 49 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
lib/nghttp2_hd.c
View File

@ -1671,7 +1671,14 @@ ssize_t nghttp2_hd_inflate_hd(nghttp2_hd_inflater *inflater,
if(rv < 0) { if(rv < 0) {
goto fail; goto fail;
} }
in += rv; in += rv;
if(inflater->left == 0) {
rv = NGHTTP2_ERR_HEADER_COMP;
goto fail;
}
if(!rfin) { if(!rfin) {
goto almost_ok; goto almost_ok;
} }

2
tests/main.c
View File

@ -258,6 +258,8 @@ int main(int argc, char* argv[])
test_nghttp2_hd_deflate_common_header_eviction) || test_nghttp2_hd_deflate_common_header_eviction) ||
!CU_add_test(pSuite, "hd_deflate_clear_refset", !CU_add_test(pSuite, "hd_deflate_clear_refset",
test_nghttp2_hd_deflate_clear_refset) || test_nghttp2_hd_deflate_clear_refset) ||
!CU_add_test(pSuite, "hd_inflate_indexed",
test_nghttp2_hd_inflate_indexed) ||
!CU_add_test(pSuite, "hd_inflate_indname_noinc", !CU_add_test(pSuite, "hd_inflate_indname_noinc",
test_nghttp2_hd_inflate_indname_noinc) || test_nghttp2_hd_inflate_indname_noinc) ||
!CU_add_test(pSuite, "hd_inflate_indname_inc", !CU_add_test(pSuite, "hd_inflate_indname_inc",

39
tests/nghttp2_hd_test.c
View File

@ -309,6 +309,45 @@ void test_nghttp2_hd_deflate_clear_refset(void)
nghttp2_hd_deflate_free(&deflater); nghttp2_hd_deflate_free(&deflater);
} }
void test_nghttp2_hd_inflate_indexed(void)
{
nghttp2_hd_inflater inflater;
nghttp2_bufs bufs;
ssize_t blocklen;
nghttp2_nv nv = MAKE_NV(":path", "/");
nva_out out;
frame_pack_bufs_init(&bufs);
nva_out_init(&out);
nghttp2_hd_inflate_init(&inflater);
nghttp2_bufs_addb(&bufs, (1 << 7) | 4);
blocklen = nghttp2_bufs_len(&bufs);
CU_ASSERT(1 == blocklen);
CU_ASSERT(blocklen == inflate_hd(&inflater, &out, &bufs, 0));
CU_ASSERT(1 == out.nvlen);
assert_nv_equal(&nv, out.nva, 1);
nva_out_reset(&out);
nghttp2_bufs_reset(&bufs);
/* index = 0 is error */
nghttp2_bufs_addb(&bufs, 1 << 7);
blocklen = nghttp2_bufs_len(&bufs);
CU_ASSERT(1 == blocklen);
CU_ASSERT(NGHTTP2_ERR_HEADER_COMP == inflate_hd(&inflater, &out, &bufs, 0));
nghttp2_bufs_free(&bufs);
nghttp2_hd_inflate_free(&inflater);
}
void test_nghttp2_hd_inflate_indname_noinc(void) void test_nghttp2_hd_inflate_indname_noinc(void)
{ {
nghttp2_hd_inflater inflater; nghttp2_hd_inflater inflater;

1
tests/nghttp2_hd_test.h
View File

@ -29,6 +29,7 @@ void test_nghttp2_hd_deflate(void);
void test_nghttp2_hd_deflate_same_indexed_repr(void); void test_nghttp2_hd_deflate_same_indexed_repr(void);
void test_nghttp2_hd_deflate_common_header_eviction(void); void test_nghttp2_hd_deflate_common_header_eviction(void);
void test_nghttp2_hd_deflate_clear_refset(void); void test_nghttp2_hd_deflate_clear_refset(void);
void test_nghttp2_hd_inflate_indexed(void);
void test_nghttp2_hd_inflate_indname_noinc(void); void test_nghttp2_hd_inflate_indname_noinc(void);
void test_nghttp2_hd_inflate_indname_inc(void); void test_nghttp2_hd_inflate_indname_inc(void);
void test_nghttp2_hd_inflate_indname_inc_eviction(void); void test_nghttp2_hd_inflate_indname_inc_eviction(void);