Prevent buffer overflow in QuicSimpleServerSession::HandleRstOnValidNonexistentStream

This fix is based on code from <>, thanks to them for reporting the issue and proposing a fix.

The issue here was that this code was using DCHECKs to validate input from the network instead of failing gracefully. QuicSimpleServerSession is not used in production so this code does not require flag protection.

PiperOrigin-RevId: 344319749
Change-Id: Ic0f14412ea5e2b398b48cb3d2333c2e1e01d6d35
1 file changed
tree: 6ecb0ca77cfc6d644523fab511f38651ef16ff0a
  4. common/
  5. epoll_server/
  6. http2/
  7. quic/
  8. spdy/


QUICHE (QUIC, Http/2, Etc) is Google‘s implementation of QUIC and related protocols. It powers Chromium as well as Google’s QUIC servers and some other projects. QUICHE is only supported on little-endian platforms.

Code can be viewed in CodeSearch in Quiche and is imported into Chromium.