MINOR: mux-quic: do not set buffer for empty STREAM frame
authorAmaury Denoyelle <adenoyelle@haproxy.com>
Tue, 25 Apr 2023 14:39:32 +0000 (16:39 +0200)
committerAmaury Denoyelle <adenoyelle@haproxy.com>
Wed, 26 Apr 2023 15:50:16 +0000 (17:50 +0200)
Previous patch fixes an issue occurring with empty STREAM frames without
payload. The crash was hidden in part because buf/data fields of
qf_stream were set even if no payload is referenced. This was not the
true cause of the crash but to ease future debugging, a STREAM frame
built with no payload now has its buf and data fields set to NULL.

This should be backported up to 2.6.

src/mux_quic.c

index 64b3751913f0cb9ef5f13e42d5ebe14d9daa4429..f4306e9056fb9908cdc177ade787d8e934363935 100644 (file)
@@ -1530,11 +1530,19 @@ static int qcs_build_stream_frm(struct qcs *qcs, struct buffer *out, char fin,
 
        frm->stream.stream = qcs->stream;
        frm->stream.id = qcs->id;
-       frm->stream.buf = out;
-       frm->stream.data = (unsigned char *)b_peek(out, head);
        frm->stream.offset.key = 0;
        frm->stream.dup = 0;
 
+       if (total) {
+               frm->stream.buf = out;
+               frm->stream.data = (unsigned char *)b_peek(out, head);
+       }
+       else {
+               /* Empty STREAM frame. */
+               frm->stream.buf = NULL;
+               frm->stream.data = NULL;
+       }
+
        /* FIN is positioned only when the buffer has been totally emptied. */
        if (fin)
                frm->type |= QUIC_STREAM_FRAME_TYPE_FIN_BIT;
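Review bot: The new `else` branch makes `frm->stream.buf` and `frm->stream.data` NULL whenever `total` is zero, but the only record of that contract is `/* Empty STREAM frame. */`, which does not say why the fields are cleared. I would spell it out at that spot, for example `/* Empty STREAM frame: no payload is referenced, so buf/data stay NULL and any stray access faults immediately. */`, and state the same "NULL when len is 0" rule where the qf_stream fields are declared. Code that reads `stream.buf` or `stream.data` without first checking `stream.len` is not visible in this hunk and would now dereference NULL, so those readers are worth checking on each branch this is backported to, presumably together with the previous patch the description refers to. The body of qcs_build_stream_frm starts and ends outside the hunk.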
@@ -1544,6 +1552,9 @@ static int qcs_build_stream_frm(struct qcs *qcs, struct buffer *out, char fin,
                frm->stream.offset.key = qcs->tx.sent_offset;
        }
 
+       /* Always set length bit as we do not know if there is remaining frames
+        * in the final packet after this STREAM.
+        */
        frm->type |= QUIC_STREAM_FRAME_TYPE_LEN_BIT;
        frm->stream.len = total;