From ee3e4717fc0f223beb116c06c12ffba2cc1c85b3 Mon Sep 17 00:00:00 2001
From: James M Snell
Date: Fri, 10 Aug 2018 15:07:51 -0700
Subject: [PATCH] http2: avoid race condition in OnHeaderCallback

Fixes: https://github.com/nodejs/node/issues/21416
PR-URL: https://github.com/nodejs/node/pull/22256
Reviewed-By: Anna Henningsen
Reviewed-By: Matteo Collina
Reviewed-By: Trivikram Kamat
Reviewed-By: George Adams
---
 src/node_http2.cc | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/node_http2.cc b/src/node_http2.cc
index b13632aa32d149..234504256b99bb 100644
--- a/src/node_http2.cc
+++ b/src/node_http2.cc
@@ -933,7 +933,12 @@ inline int Http2Session::OnHeaderCallback(nghttp2_session* handle,
 Http2Session* session = static_cast(user_data);
 int32_t id = GetFrameID(frame);
 Http2Stream* stream = session->FindStream(id);
- CHECK_NE(stream, nullptr);
+ // If stream is null at this point, either something odd has happened
+ // or the stream was closed locally while header processing was occurring.
+ // either way, do not proceed and close the stream.
+ if (stream == nullptr)
+ return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE;
+
 // If the stream has already been destroyed, ignore.
 if (stream->IsDestroyed())
 return 0;
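Review bot: The new comment above the `stream == nullptr` guard says "close the stream", but nothing in this callback closes anything; the reset is left to nghttp2, which per its documentation for the header callback answers `NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE` with an RST_STREAM for that stream. I would say so in the comment, e.g. `// Either way, do not proceed; the temporal failure makes nghttp2 reset this stream only.`, so a reader can see that the session stays up. Replacing the `CHECK_NE` is the right direction, since an abort inside a frame callback takes the whole process down, but the patch touches only src/node_http2.cc and adds no regression test for the closed-while-processing case. Other callbacks that look streams up with `FindStream` are outside this hunk and may need the same null handling; the body of `OnHeaderCallback` also continues past the hunk.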