Prevent crash when trying to serialize packet with missing encryption key
b/151452116 shows GFE crashing in QuicFramer due to dereferencing a null pointer. This CL adds checks for this and triggers a QUIC_BUG instead of crashing. Our goal is to have the issue reproduce with the QUIC_BUG so we can investigate further what's causing us to get into that state.
gfe-relnote: replace crash with GFE_BUG, not flag-protected
PiperOrigin-RevId: 301250535
Change-Id: I4e88a9de2cec50867fd4c166a3688147670dd264
diff --git a/quic/core/quic_framer.cc b/quic/core/quic_framer.cc
index eeaf258..0b296df 100644
--- a/quic/core/quic_framer.cc
+++ b/quic/core/quic_framer.cc
@@ -4256,6 +4256,14 @@
return false;
}
+ if (encrypter_[level] == nullptr) {
+ QUIC_BUG
+ << ENDPOINT
+ << "Attempted to apply header protection without encrypter at level "
+ << EncryptionLevelToString(level) << " using " << version_;
+ return false;
+ }
+
std::string mask = encrypter_[level]->GenerateHeaderProtectionMask(sample);
if (mask.empty()) {
QUIC_BUG << "Unable to generate header protection mask.";
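Review bot: The new null-encrypter QUIC_BUG logs ENDPOINT, the encryption level and version_, but the existing QUIC_BUG directly below the added block ("Unable to generate header protection mask.") logs none of them. Since the stated goal is to reproduce and diagnose the bad state, consider adding the same ENDPOINT, EncryptionLevelToString(level) and version_ context to that message, so both failure paths in this function are equally traceable. The lines shown also include no test for the encrypter_[level] == nullptr path. A framer test that calls this code with no encrypter installed at the level and expects the QUIC_BUG and a false return would pin the behaviour down.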
@@ -4475,6 +4483,12 @@
size_t QuicFramer::GetCiphertextSize(EncryptionLevel level,
size_t plaintext_size) const {
+ if (encrypter_[level] == nullptr) {
+ QUIC_BUG << ENDPOINT
+ << "Attempted to get ciphertext size without encrypter at level "
+ << EncryptionLevelToString(level) << " using " << version_;
+ return plaintext_size;
+ }
return encrypter_[level]->GetCiphertextSize(plaintext_size);
}
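Review bot: In the added early return of GetCiphertextSize, falling back to plaintext_size gives the caller a value it cannot tell apart from a real answer, and it is smaller than what an AEAD encrypter would report once its tag overhead is added. A caller that sizes a buffer or a packet from this result keeps going with an undersized figure, and the only signal is the QUIC_BUG log line. Please add a comment stating why plaintext_size was chosen as the fallback and which later step is expected to fail the serialization. It is also worth confirming that every caller reaches a point that rejects the packet rather than writing it out with no encrypter.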