Signal error in HttpDecoder on empty PUSH_PROMISE frame.

Currently on an empty, invalid PUSH_PROMISE frame HttpDecoder transitions from
STATE_READING_FRAME_LENGTH directly to STATE_FINISH_PARSING, skipping
STATE_READING_FRAME_PAYLOAD, which results in calling
Visitor::OnPushPromiseFrameEnd() without calling
Visitor::OnPushPromiseFrameStart().  This is wrong and can cause QuicSpdyStream
to crash.

This was caught by ClusterFuzz at https://crbug.com/1001823.

Also add tests for other empty frames, and sanity DCHECKs in QuicSpdyStream.

gfe-relnote: n/a, change to QUIC v99-only code.  Protected by existing disabled
gfe2_reloadable_flag_quic_enable_version_99.
PiperOrigin-RevId: 270386637
Change-Id: I0c1944d1df300136d27367679e3128dd45e9bfd3
3 files changed
tree: de7096a2e7b8a5acc63306f0b9916510bcad6384
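A minimal model of the state skip described in the commit message, added here as an illustration and not taken from QUICHE. The two-byte frame header, the `Decode` function, the shortened state names and the event letters are assumptions of the example.

```cpp
#include <cstdint>
#include <string>
#include <vector>

// Simplified model, not QUICHE code. Constructed wire format for this example:
// 1-byte frame type, 1-byte payload length, then the payload.
constexpr uint8_t kPushPromise = 0x05;  // HTTP/3 PUSH_PROMISE frame type
enum class State { kFrameType, kFrameLength, kFramePayload, kFinishParsing };

// Returns the callback trace produced while decoding `in`:
// 'S' = OnPushPromiseFrameStart, 'E' = OnPushPromiseFrameEnd, 'X' = error.
// reject_empty=false models the skipped state; true models signalling an error.
std::string Decode(const std::vector<uint8_t>& in, bool reject_empty) {
  std::string events;
  State state = State::kFrameType;
  uint8_t type = 0;
  size_t remaining = 0, pos = 0;
  for (;;) {
    // Every state except kFinishParsing needs at least one more input byte.
    if (state != State::kFinishParsing && pos == in.size()) return events;
    switch (state) {
      case State::kFrameType:
        type = in[pos++];
        state = State::kFrameLength;
        break;
      case State::kFrameLength:
        remaining = in[pos++];
        if (remaining == 0 && reject_empty && type == kPushPromise) {
          events += 'X';  // an empty PUSH_PROMISE is invalid: stop decoding
          return events;
        }
        // With remaining == 0 this jumps past the only state that emits 'S'.
        state = remaining ? State::kFramePayload : State::kFinishParsing;
        break;
      case State::kFramePayload:
        if (in.size() - pos < remaining) return events;  // wait for more data
        if (type == kPushPromise) events += 'S';
        pos += remaining;
        state = State::kFinishParsing;
        break;
      case State::kFinishParsing:
        if (type == kPushPromise) events += 'E';
        state = State::kFrameType;
        break;
    }
  }
}
```

With `reject_empty` off, an empty PUSH_PROMISE yields an end event with no matching start, which is the unbalanced callback pair a consumer such as a stream object cannot safely handle.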
README.md

QUICHE

QUICHE (QUIC, Http/2, Etc) is Google's implementation of QUIC and related protocols. It powers Chromium as well as Google's QUIC servers and some other projects.

The code is currently in the process of being moved from https://cs.chromium.org/chromium/src/net/third_party/ into this repository. Please excuse our appearance while we're under construction.