From 58d87f31f7391d419182d61743bbe82524f8fd5a Mon Sep 17 00:00:00 2001 From: Olivier Houchard Date: Wed, 29 May 2019 16:44:17 +0200 Subject: [PATCH] BUG/MEDIUM: h2: Don't forget to set h2s->cs to NULL after having free'd cs. In h2c_frt_stream_new, if we failed to create the stream for some reason, don't forget to set h2s->cs to NULL before calling h2s_destroy(), otherwise h2s_destroy() will call h2s_close(), which will attempt to access h2s->cs->flags if it's non-NULL. This should be backported to 1.9. --- src/mux_h2.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/mux_h2.c b/src/mux_h2.c index 8b8135d1a..557a158ca 100644 --- a/src/mux_h2.c +++ b/src/mux_h2.c @@ -1027,6 +1027,7 @@ static struct h2s *h2c_frt_stream_new(struct h2c *h2c, int id) out_free_cs: h2c->nb_cs--; cs_free(cs); + h2s->cs = NULL; out_close: h2s_destroy(h2s); out: