From 78d5302b5c05a49ecfa2ee8b8f1a21a2902357d3 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 22 Aug 2018 09:47:22 +0200
Subject: http2: abort the send_callback if not setup yet

When Curl_http2_done() gets called before the http2 data is setup all
the way, we cannot send anything and this should just return an error.

Detected by OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10012
---
 lib/http2.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/http2.c b/lib/http2.c
index 251fcd8e8..22655e94c 100644
--- a/lib/http2.c
+++ b/lib/http2.c
@@ -370,6 +370,10 @@ static ssize_t send_callback(nghttp2_session *h2,
   (void)h2;
   (void)flags;
 
+  if(!c->send_underlying)
+    /* called before setup properly! */
+    return NGHTTP2_ERR_CALLBACK_FAILURE;
+
   written = ((Curl_send*)c->send_underlying)(conn, FIRSTSOCKET,
                                              data, length, &result);
 
-- 
cgit v1.2.3