BUG/MEDIUM: h2: ensure we always know the stream before sending a reset

The recent patch introducing the H2_CS_FRAME_E state to emit stream
resets was not totally correct in that in the rare case where there is
no room left to emit the reset, the next call to process it later could
use an uninitialized stream. This only affects responses to frames that
are sent on closed streams though.

This fix must be backported to 1.8.

diff --git a/src/mux_h2.c b/src/mux_h2.c
index 16c3ba1bebfe142b880b25999ffc5ec89386e2ad..71660f8e8a0dd4dc94d2d9db30f37f9f6912a18d 100644 (file)
--- a/src/mux_h2.c
+++ b/src/mux_h2.c
@@ -1808,12 +1808,12 @@ static void h2_process_demux(struct h2c *h2c)
                        h2_skip_frame_hdr(h2c->dbuf);
                }
 
-               if (h2c->st0 == H2_CS_FRAME_E)
-                       goto strm_err;
-
                /* Only H2_CS_FRAME_P and H2_CS_FRAME_A here */
                h2s = h2c_st_by_id(h2c, h2c->dsi);
 
+               if (h2c->st0 == H2_CS_FRAME_E)
+                       goto strm_err;
+
                if (h2s->st == H2_SS_IDLE &&
                    h2c->dft != H2_FT_HEADERS && h2c->dft != H2_FT_PRIORITY) {
                        /* RFC7540#5.1: any frame other than HEADERS or PRIORITY in