Unverified Commit 1d71ce84 authored by Daniel Stenberg's avatar Daniel Stenberg
Browse files

http2: fix null pointer dereference in http2_connisdead 

This function can get called on a connection that isn't setup enough to
have the 'recv_underlying' function pointer initialized so it would try
to call the NULL pointer.

Reported-by: Dario Weisser

Follow-up to db1b2c7f (never shipped in a release)
Closes #2536
parent 2ef1662e

lib/http2.c

+5 −2
Original line number Diff line number Diff line
@@ -202,7 +202,10 @@ static bool http2_connisdead(struct connectdata *conn) 
         only "protocol frames" */

      CURLcode result;

      struct http_conn *httpc = &conn->proto.httpc;

      ssize_t nread = ((Curl_recv *)httpc->recv_underlying)(

      ssize_t nread = -1;

      if(httpc->recv_underlying)

        /* if called "too early", this pointer isn't setup yet! */

        nread = ((Curl_recv *)httpc->recv_underlying)(

          conn, FIRSTSOCKET, httpc->inbuf, H2_BUFSIZE, &result);

      if(nread != -1) {

        infof(conn->data,