On Mon, 31 Jul 2023, Richard W.M. Jones wrote:
Hello Richard,

Thanks to your awesome reproducer, Stefan and I managed to reproduce the
problem and figure out what's going on.

It is a time-sensitive race. In the time between when the HTTP/1+upgrade
request is sent and when it comes back and is upgraded to HTTP/2 proper, curl
could accidentally pick that connection as "an HTTP/2 connection suitable for
multiplexing" even though it wasn't doing HTTP/2 just yet.

This is a problem unique to HTTP + upgrade (i.e. not HTTPS) and it needs more
than one connection for it to trigger.

I have a work-in-progress patch that seems to (at least) fix the crash:
https://github.com/curl/curl/pull/11557

Stefan has a test case pending and will try out this patch there tomorrow, so
we might need to polish it a little more before we land it.

--
/ daniel.haxx.se
| Commercial curl support up to 24x7 is available!
| Private help, bug fixes, support, ports, new features
| https://curl.se/support.html
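
The race described in the message above, as an added example that is not part of the original mail and is not curl's code: a simplified model of a connection picker that treats a connection as multiplexable before its upgrade has completed, next to one that checks the negotiated state. All names here (`wants_h2`, `pick_racy`, `pick_safe`, the `proto` states) are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model only; these are NOT curl's data structures. */
enum proto { PROTO_H1, PROTO_H1_UPGRADE_PENDING, PROTO_H2 };

struct conn {
    int id;
    enum proto state; /* what the connection actually speaks right now */
    int wants_h2;     /* hypothetical flag, set when the upgrade request is sent */
};

/* Racy picker: trusts the intent flag, so a connection still waiting for
   the upgrade response is handed out as if it could already multiplex. */
static struct conn *pick_racy(struct conn *pool, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (pool[i].wants_h2)
            return &pool[i];
    return NULL;
}

/* Hardened picker: only a connection whose upgrade has completed counts. */
static struct conn *pick_safe(struct conn *pool, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (pool[i].state == PROTO_H2)
            return &pool[i];
    return NULL;
}

/* Constructed scenario: a first transfer owns connection 1 in the given
   state; a second transfer asks the pool for a connection to multiplex on.
   Returns the id picked, or -1 when it must open its own connection. */
static int second_transfer_gets(int use_safe, enum proto state_of_first)
{
    struct conn pool[1] = { { 1, state_of_first, 1 } };
    struct conn *c = use_safe ? pick_safe(pool, 1) : pick_racy(pool, 1);
    return c ? c->id : -1;
}

int main(void)
{
    printf("racy, pending: %d\n", second_transfer_gets(0, PROTO_H1_UPGRADE_PENDING));
    printf("safe, pending: %d\n", second_transfer_gets(1, PROTO_H1_UPGRADE_PENDING));
    printf("safe, done:    %d\n", second_transfer_gets(1, PROTO_H2));
    return 0;
}
```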