diff --git a/source/h2_frames.c b/source/h2_frames.c index d047edc9..83a3961c 100644 --- a/source/h2_frames.c +++ b/source/h2_frames.c @@ -378,7 +378,6 @@ int aws_h2_encode_data_frame( /* Use a sub-buffer to limit where body can go */ struct aws_byte_buf body_sub_buf = aws_byte_buf_from_empty_array(output->buffer + output->len + bytes_preceding_body, max_body); - /* Read body into sub-buffer */ if (aws_input_stream_read(body_stream, &body_sub_buf)) { *body_failed = true; @@ -401,14 +400,14 @@ int aws_h2_encode_data_frame( if (body_sub_buf.len < body_sub_buf.capacity) { /* Body stream was unable to provide as much data as it could have */ *body_stalled = true; - - if (body_sub_buf.len == 0) { - /* This frame would have no useful information, don't even bother sending it */ - goto handle_nothing_to_send_right_now; - } } } + if (body_sub_buf.len == 0 && !(flags & AWS_H2_FRAME_F_END_STREAM)) { + /* This frame would have no useful information, don't even bother sending it */ + goto handle_nothing_to_send_right_now; + } + ENCODER_LOGF( TRACE, encoder, diff --git a/tests/fuzz/fuzz_h2_decoder_correct.c b/tests/fuzz/fuzz_h2_decoder_correct.c index 4f71fa72..8c9c7c94 100644 --- a/tests/fuzz/fuzz_h2_decoder_correct.c +++ b/tests/fuzz/fuzz_h2_decoder_correct.c @@ -233,6 +233,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { /* Allow body to exceed available space. Data encoder should just write what it can fit */ struct aws_input_stream *body = aws_input_stream_new_from_cursor(allocator, &input); + if (input.len == 0) { + /* In case of empty body, make sure the end stream flag to be set, other wise, no frames should be + * generated to decode. */ + body_ends_stream = true; + } bool body_complete; bool body_stalled;