curl_fuzzer: http2.c:1182: Assertion `0' failed. #2894
Closed
Labels
Comments
bagder
added a commit
that referenced
this issue
Aug 17, 2018
Instead of passing the easy handle directly to nghttp2 to map from stream_id to our structs, we create an 'easymap' node (for each new stream) and add to a per-connection linked list. The easymap struct itself contains a pointer to the easy handle and the stream id. This node *MUST* remain in the list until the 'on_stream_close' callback comes. This node can survive the easy handle. If we want to remove the association between a stream and an easy handle before the stream end callback from nghtp2, we now call disassociate_easymap() which "soft removes" the association in the easymap struct only. This is necesary since when nghttp2_submit_request() is called, the stream<=>easy association isn't immediately done by nghttp2 and if we then try to clear the assication at once (using nghttp2_session_set_stream_user_data), that clearing fails and we risk having the (by now) old assication getting done by nghttp2 and then risk subsequently fetching a stale pointer to already freed data. Fixes #2688 Fixes #2894
bagder
added a commit
that referenced
this issue
Aug 20, 2018
... before the stream is started, we have it set to -1. Fixes #2894
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
I did this
This is a repost of a curl-fuzzer bug 9943. (closed for the public another 30 days)
The assert was added in ac86eab to help out debugging the HTTP/2 issues in #2688.
curl/libcurl version
current 7.61.1-DEV git master
operating system
Linux, but not important
The text was updated successfully, but these errors were encountered: