From 23765d51790dde221c6c2979b8d0673b4ac13610 Mon Sep 17 00:00:00 2001
From: Adam Williamson
Date: Tue, 26 Apr 2022 14:48:19 -0700
Subject: [PATCH] Backport MR #281 to fix a crash (#2070240)
---
 ...ry-a-write-after-the-last-data-frame.patch | 48 +++++++++++++++++++
 1 file changed, 48 insertions(+)
 create mode 100644 0001-http2-do-not-try-a-write-after-the-last-data-frame.patch
diff --git a/0001-http2-do-not-try-a-write-after-the-last-data-frame.patch b/0001-http2-do-not-try-a-write-after-the-last-data-frame.patch
new file mode 100644
index 0000000..86624e4
--- /dev/null
+++ b/0001-http2-do-not-try-a-write-after-the-last-data-frame.patch
@@ -0,0 +1,48 @@
+From 2e26cdc20bda3c67f409ef2d567a6be01d921b15 Mon Sep 17 00:00:00 2001
+From: Carlos Garcia Campos
+Date: Sat, 26 Mar 2022 10:29:14 +0100
+Subject: [PATCH] http2: do not try a write after the last data frame
+
+It crashes accessing data->item because the stream is closed at this
+point.
+
+Fixes #272
+---
+ libsoup/http2/soup-client-message-io-http2.c | 19 +++++++++++--------
+ 1 file changed, 11 insertions(+), 8 deletions(-)
+
+diff --git a/libsoup/http2/soup-client-message-io-http2.c b/libsoup/http2/soup-client-message-io-http2.c
+index 0426a142..e0d96241 100644
+--- a/libsoup/http2/soup-client-message-io-http2.c
++++ b/libsoup/http2/soup-client-message-io-http2.c
+@@ -759,16 +759,19 @@ on_frame_recv_callback (nghttp2_session *session,
+ case NGHTTP2_DATA:
+ if (data->metrics)
+ data->metrics->response_body_bytes_received += frame->data.hd.length + FRAME_HEADER_SIZE;
+- if (frame->hd.flags & NGHTTP2_FLAG_END_STREAM && data->body_istream) {
+- soup_body_input_stream_http2_complete (SOUP_BODY_INPUT_STREAM_HTTP2 (data->body_istream));
+- if (data->state == STATE_READ_DATA_START) {
+- io_try_sniff_content (data, FALSE, data->item->cancellable);
+- if (data->state == STATE_READ_DATA && data->item->async)
+- soup_http2_message_data_check_status (data);
++ if (frame->hd.flags & NGHTTP2_FLAG_END_STREAM) {
++ if (data->body_istream) {
++ soup_body_input_stream_http2_complete (SOUP_BODY_INPUT_STREAM_HTTP2 (data->body_istream));
++ if (data->state == STATE_READ_DATA_START) {
++ io_try_sniff_content (data, FALSE, data->item->cancellable);
++ if (data->state == STATE_READ_DATA && data->item->async)
++ soup_http2_message_data_check_status (data);
++ }
+ }
++ } else {
++ /* Try to write after every data frame, since nghttp2 might need to send a window update. */
++ io_try_write (io, !data->item->async);
+ }
+- /* Try to write after every data frame, since nghttp2 might need to send a window update. */
+- io_try_write (io, !data->item->async);
+ break;
+ case NGHTTP2_RST_STREAM:
+ if (frame->rst_stream.error_code != NGHTTP2_NO_ERROR) {
+-- 
+2.36.0
+
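Review bot: Nothing in the backported NGHTTP2_DATA case records why the write is skipped when NGHTTP2_FLAG_END_STREAM is set; the reason (the stream is closed by then and `data->item` is no longer safe to read) lives only in the commit message. A comment at the end of the END_STREAM branch, e.g. `/* No write after the last data frame: the stream is closed here and data->item may be gone. */`, would keep a later refactor from moving `io_try_write (io, !data->item->async)` back out of the `else`. The remaining reads of `data->item->cancellable` and `data->item->async` inside the END_STREAM branch, and the unguarded one in the `else`, still assume the item is alive at those points; whether a stream can be closed earlier (for example on cancellation) is not visible here and is worth confirming against upstream. on_frame_recv_callback begins and ends outside the hunk.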