Google Git
Sign in
quiche / quiche.git / a980ce57f3a7dd6dcba5164da94e8a8563d844eb
commita980ce57f3a7dd6dcba5164da94e8a8563d844eb[log] [tgz]
authorbnc <bnc@google.com>Fri Jun 14 10:49:15 2019 -0700
committerCopybara-Service <copybara-worker@google.com>Fri Jun 14 12:50:43 2019 -0700
treef546432d5ede1c9cb4f8b3f26a17c6da81a13673
parentd21094b68317cb83115587373be4d53d5af5a4ad [diff]
Do not send empty frame if stream is reset.

If a QUIC version other than v99 is used (that is, Google QUIC), and an empty header list (or a too large header list that becomes empty by the way QuicHeaderList enforces size limit) with FIN is received by QuicSpdyStream::OnStreamHeaderList(), then the stream is reset by OnHeadersTooLarge(), then OnInitialHeadersComplete() sends an empty frame to OnStreamFrame().  If the write side of the stream is already closed, then this triggers the following DCHECK:
quic_stream.cc:300 Check failed: !(read_side_closed_ && write_side_closed_)

This CL prevents that frame write if the stream is already reset.

The same issue does not arise with trailers, because if QuicHeaderList is empty, then SpdyUtils::CopyAndValidateTrailers() called from QuicSpdyStream::OnTrailingHeadersComplete() fails before the empty QuicStreamFrame is sent out.

I locally verified that the added test crashes without the fix.

gfe-relnote: Prevent DCHECK from firing.  TODO Does this need to be flag protected?
PiperOrigin-RevId: 253256678
Change-Id: Ib5e6249fb850388637fd684f97f1ea93dc02e980
2 files changed
tree: f546432d5ede1c9cb4f8b3f26a17c6da81a13673
  1. common/
  2. epoll_server/
  3. http2/
  4. quic/
  5. spdy/
  6. CONTRIBUTING.md
  7. LICENSE
  8. README.md
README.md

QUICHE

QUICHE (QUIC, Http/2, Etc) is Google‘s implementation of QUIC and related protocols. It powers Chromium as well as Google’s QUIC servers and some other projects.

The code is currently in process of being moved from https://cs.chromium.org/chromium/src/net/third_party/ into this repository. Please excuse our appearance while we're under construction.