> Am 27.09.2022 um 13:43 schrieb Ruediger Pluem <rpl...@apache.org>:
>
>
>
> On 9/27/22 12:53 PM, ic...@apache.org wrote:
>> Author: icing--- httpd/httpd/trunk/modules/http2/h2_stream.c (original)
>> +++ httpd/httpd/trunk/modules/http2/h2_stream.c Tue Sep 27 10:53:51 2022
>> @@ -147,7 +147,7 @@ static int on_frame(h2_stream_state_t st
>> {
>> ap_assert(frame_type >= 0);
>> ap_assert(state >= 0);
>> - if (frame_type >= maxlen) {
>> + if (frame_type < 0 || (apr_size_t)frame_type >= maxlen) {
>
> Do we need to check for frame_type < 0 with ap_assert(frame_type >= 0); two
> lines above?
Good catch.
>> return state; /* NOP, ignore unknown frame types */
>> }
>> return on_map(state, frame_map[frame_type]);
>
>> + /* signed apr_off_t is at least as large as unsigned apr_size_t.
>> + * Propblems may arise when they are both the same size. Then
>
> Problems instead of Propblems :-)
Nice!
>
> Regards
>
> RĂ¼diger
>