MINOR: mux-quic: do not set buffer for empty STREAM frame
Previous patch fixes an issue occurring with empty STREAM frames without
payload. The crash was hidden in part because buf/data fields of
qf_stream were set even if no payload is referenced. This was not the
true cause of the crash but to ease future debugging, a STREAM frame
built with no payload now has its buf and data fields set to NULL.
This should be backported up to 2.6.
diff --git a/src/mux_quic.c b/src/mux_quic.c
index 64b3751..f4306e9 100644
--- a/src/mux_quic.c
+++ b/src/mux_quic.c
@@ -1530,11 +1530,19 @@
frm->stream.stream = qcs->stream;
frm->stream.id = qcs->id;
- frm->stream.buf = out;
- frm->stream.data = (unsigned char *)b_peek(out, head);
frm->stream.offset.key = 0;
frm->stream.dup = 0;
+ if (total) {
+ frm->stream.buf = out;
+ frm->stream.data = (unsigned char *)b_peek(out, head);
+ }
+ else {
+ /* Empty STREAM frame. */
+ frm->stream.buf = NULL;
+ frm->stream.data = NULL;
+ }
+
/* FIN is positioned only when the buffer has been totally emptied. */
if (fin)
frm->type |= QUIC_STREAM_FRAME_TYPE_FIN_BIT;
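Review bot: The new `else` branch leaves `frm->stream.buf` and `frm->stream.data` NULL, but nothing visible here records that readers of these fields must test the frame length first. Any path that touches `stream.buf` or does arithmetic on `stream.data` without that test becomes a NULL dereference for an empty frame, which a peer can presumably provoke with a FIN-only STREAM. Those readers (frame encoding, retransmission and ACK handling, frame release) are outside this hunk, so they need checking on every branch the backport reaches. I would state the contract at the assignment, e.g. `/* Empty STREAM frame: no payload is referenced, so buf/data are NULL; users must check stream.len before touching them. */`. The enclosing function starts and ends outside the hunk, so I cannot confirm whether `total == 0` is reachable without `fin` set.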
@@ -1544,6 +1552,9 @@
frm->stream.offset.key = qcs->tx.sent_offset;
}
+ /* Always set length bit as we do not know if there is remaining frames
+ * in the final packet after this STREAM.
+ */
frm->type |= QUIC_STREAM_FRAME_TYPE_LEN_BIT;
frm->stream.len = total;