# HG changeset patch
# User Mariano Di Martino
# Date 1630668230 -10800
# Node ID 1f7f98638dc232208250e3d20b424be42d09c880
# Parent 4d871baeacd211c7d45f142e7392eeacb1bb87a5
QUIC: fixed null pointer dereference in MAX_DATA handler.
If a MAX_DATA frame was received before any stream was created, then the worker process would crash in nginx_quic_handle_max_data_frame() while traversing the stream tree. The issue is solved by adding a check that makes sure the tree is not empty.
diff -r 4d871baeacd2 -r 1f7f98638dc2 src/event/quic/ngx_event_quic_streams.c
--- a/src/event/quic/ngx_event_quic_streams.c Wed Sep 01 11:12:23 2021 +0300
+++ b/src/event/quic/ngx_event_quic_streams.c Fri Sep 03 14:23:50 2021 +0300
@@ -1000,7 +1000,9 @@
 return NGX_OK;
 }
 
- if (qc->streams.sent >= qc->streams.send_max_data) {
+ if (tree->root != tree->sentinel
+ && qc->streams.sent >= qc->streams.send_max_data)
+ {
 
 for (node = ngx_rbtree_min(tree->root, tree->sentinel);
 node;
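Review bot: The added `tree->root != tree->sentinel` test carries no comment explaining why it is there, although per the commit message its absence lets a peer crash the worker with a single frame. I would record the precondition at the check, e.g. `/* ngx_rbtree_min() must not be called on an empty tree */`, so a later cleanup does not fold the condition away. The `for` loop it guards continues past the end of the hunk, so whether the code after the block still behaves correctly for an empty tree cannot be confirmed from here. Any other traversal in this file that starts with `ngx_rbtree_min(tree->root, tree->sentinel)` on a frame-handling path presumably needs the same guard and is worth auditing in the same change. A regression test that delivers MAX_DATA on a connection with no streams and asserts the worker stays up would pin the fix.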