aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2018-04-26 16:07:10 +0200
committerDaniel Stenberg <daniel@haxx.se>2018-04-26 23:23:02 +0200
commit1d71ce845a6ac3887205c2842fad0a476f7cf3ec (patch)
tree9ae15e425c5ec29dd87e1d7945ff1d5264af426f
parent2ef1662e4bc20f1641bc678141c2df0e42e21e3f (diff)
http2: fix null pointer dereference in http2_connisdead
This function can get called on a connection that isn't setup enough to have the 'recv_underlying' function pointer initialized so it would try to call the NULL pointer. Reported-by: Dario Weisser Follow-up to db1b2c7fe9b093f8 (never shipped in a release) Closes #2536
-rw-r--r--lib/http2.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/lib/http2.c b/lib/http2.c
index 25d74c1a1..770ebdab5 100644
--- a/lib/http2.c
+++ b/lib/http2.c
@@ -202,8 +202,11 @@ static bool http2_connisdead(struct connectdata *conn)
only "protocol frames" */
CURLcode result;
struct http_conn *httpc = &conn->proto.httpc;
- ssize_t nread = ((Curl_recv *)httpc->recv_underlying)(
- conn, FIRSTSOCKET, httpc->inbuf, H2_BUFSIZE, &result);
+ ssize_t nread = -1;
+ if(httpc->recv_underlying)
+ /* if called "too early", this pointer isn't setup yet! */
+ nread = ((Curl_recv *)httpc->recv_underlying)(
+ conn, FIRSTSOCKET, httpc->inbuf, H2_BUFSIZE, &result);
if(nread != -1) {
infof(conn->data,
"%d bytes stray data read before trying h2 connection\n",