http2: convert an assert to run-time check #2514
Fuzzing has proven we can reach code in on_frame_recv with status_code not having been set, so let's detect that in run-time (instead of with assert) and error accordingly.

Detected by OSS-Fuzz

Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7903
I have no permission to view the page, but it looks like https://github.com/curl/curl/pull/2514/files#diff-7dcf04be672466b7a56e6a81df098c6bR635 is suspicious to me. I think we should set -1 to status_code only for 1xx status code.
@tatsuhiro-t: looking at this a bit more; it looks like status_code is only being set in
I don't have any more knowledge here about whether the status_code comment is correct or not; however, I think this fix is likely to solve our problems by basically being defensive.
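
The pattern this PR discusses, as an added example that is not curl's code and not part of the thread: a simplified model in which an unset status is represented by -1 and the frame handler rejects it at run time instead of asserting. The struct, function names and error codes are all hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model, not curl's source. All names are hypothetical. */
#define STATUS_UNSET (-1)
enum frame_result { FRAME_OK = 0, FRAME_ERR_NO_STATUS = -1 };

struct stream_state {
  int status_code;          /* STATUS_UNSET until a valid ":status" is seen */
  unsigned headers_delivered;
};

static void stream_init(struct stream_state *s)
{
  s->status_code = STATUS_UNSET;
  s->headers_delivered = 0;
}

/* Accept exactly three digits in 100..999; anything else stays unset. */
static int parse_status(const char *v)
{
  int code = 0;
  for(int i = 0; i < 3; i++) {
    if(v[i] < '0' || v[i] > '9')
      return STATUS_UNSET;
    code = code * 10 + (v[i] - '0');
  }
  return (v[3] == '\0' && code >= 100) ? code : STATUS_UNSET;
}

static void on_header(struct stream_state *s, const char *name, const char *val)
{
  if(strcmp(name, ":status") == 0)
    s->status_code = parse_status(val);
}

/* Called when a HEADERS frame completes. An assert() on status_code here
   is compiled out under NDEBUG, so a release build fed peer-controlled
   input would carry on with the sentinel. The run-time check fails the
   stream in every build. */
static enum frame_result on_headers_frame(struct stream_state *s)
{
  if(s->status_code == STATUS_UNSET)
    return FRAME_ERR_NO_STATUS;
  s->headers_delivered++;
  return FRAME_OK;
}

int main(void)
{
  struct stream_state s;
  stream_init(&s);                  /* peer sent no ":status" at all */
  printf("no status -> %d\n", on_headers_frame(&s));
  on_header(&s, ":status", "200");
  printf("200       -> %d\n", on_headers_frame(&s));
  return 0;
}
```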