From ab634853dfccfcaf2d319c63cc9a9022249a0815 Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Wed, 30 Apr 2014 22:09:02 +0900
Subject: [PATCH] Fix 0 size malloc

---
 lib/nghttp2_buf.c   | 11 ++++++++---
 lib/nghttp2_frame.c | 14 +++++++++-----
 2 files changed, 17 insertions(+), 8 deletions(-)

diff --git a/lib/nghttp2_buf.c b/lib/nghttp2_buf.c
index 744f8cd7..9a91fbce 100644
--- a/lib/nghttp2_buf.c
+++ b/lib/nghttp2_buf.c
@@ -366,9 +366,14 @@ ssize_t nghttp2_bufs_remove(nghttp2_bufs *bufs, uint8_t **out)
     len += nghttp2_buf_len(&chain->buf);
   }
 
-  res = malloc(len);
-  if(res == NULL) {
-    return NGHTTP2_ERR_NOMEM;
+  if(!len) {
+    res = NULL;
+  } else {
+    res = malloc(len);
+
+    if(res == NULL) {
+      return NGHTTP2_ERR_NOMEM;
+    }
   }
 
   nghttp2_buf_wrap_init(&resbuf, res, len);
diff --git a/lib/nghttp2_frame.c b/lib/nghttp2_frame.c
index 3baa4d04..3aa4c145 100644
--- a/lib/nghttp2_frame.c
+++ b/lib/nghttp2_frame.c
@@ -671,14 +671,18 @@ int nghttp2_frame_unpack_goaway_payload2(nghttp2_goaway *frame,
 
   payloadlen -= var_gift_payloadlen;
 
-  var_gift_payload = malloc(var_gift_payloadlen);
+  if(!var_gift_payloadlen) {
+    var_gift_payload = NULL;
+  } else {
+    var_gift_payload = malloc(var_gift_payloadlen);
 
-  if(var_gift_payload == NULL) {
-    return NGHTTP2_ERR_NOMEM;
+    if(var_gift_payload == NULL) {
+      return NGHTTP2_ERR_NOMEM;
+    }
+
+    memcpy(var_gift_payload, payload + 8, var_gift_payloadlen);
   }
 
-  memcpy(var_gift_payload, payload + 8, var_gift_payloadlen);
-
   nghttp2_frame_unpack_goaway_payload(frame, payload, payloadlen,
                                       var_gift_payload, var_gift_payloadlen);