/src/h2o/lib/http2/frame.c

Source (jump to first uncovered line)
/*
 * Copyright (c) 2014 DeNA Co., Ltd.
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to
 * deal in the Software without restriction, including without limitation the
 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
 * sell copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
 * IN THE SOFTWARE.
 */
#include "h2o/http2_common.h"

const h2o_http2_priority_t h2o_http2_default_priority = {
    0, /* exclusive */
    0, /* dependency */
    16 /* weight */
};

const h2o_http2_settings_t H2O_HTTP2_SETTINGS_DEFAULT = {
    /* header_table_size */ 4096,
    /* enable_push */ 1,
    /* max_concurrent_streams */ UINT32_MAX,
    /* initial_window_size */ 65535,
    /* max_frame_size */ 16384};

int h2o_http2_update_peer_settings(h2o_http2_settings_t *settings, const uint8_t *src, size_t len, const char **err_desc)
{
    for (; len >= 6; len -= 6, src += 6) {
        uint16_t identifier = h2o_http2_decode16u(src);
        uint32_t value = h2o_http2_decode32u(src + 2);
        switch (identifier) {
#define SET(label, member, min, max, err_code)                                                                                     \
    case H2O_HTTP2_SETTINGS_##label:                                                                                               \
        if (!(min <= value && value <= max)) {                                                                                     \
            *err_desc = "invalid SETTINGS frame";                                                                                  \
            return err_code;                                                                                                       \
        }                                                                                                                          \
        settings->member = value;                                                                                                  \
        break
            SET(HEADER_TABLE_SIZE, header_table_size, 0, UINT32_MAX, 0);
            SET(ENABLE_PUSH, enable_push, 0, 1, H2O_HTTP2_ERROR_PROTOCOL);
            SET(MAX_CONCURRENT_STREAMS, max_concurrent_streams, 0, UINT32_MAX, 0);
            SET(INITIAL_WINDOW_SIZE, initial_window_size, 0, 0x7fffffff, H2O_HTTP2_ERROR_FLOW_CONTROL);
            SET(MAX_FRAME_SIZE, max_frame_size, 16384, 16777215, H2O_HTTP2_ERROR_PROTOCOL);
#undef SET
        default:
            /* ignore unknown (5.5) */
            break;
        }
    }

    if (len != 0)
        return H2O_HTTP2_ERROR_FRAME_SIZE;
    return 0;
}

uint8_t *h2o_http2_encode_frame_header(uint8_t *dst, size_t length, uint8_t type, uint8_t flags, int32_t stream_id)
{
    if (length > 0xffffff)
        h2o_fatal("invalid length");

    dst = h2o_http2_encode24u(dst, (uint32_t)length);
    *dst++ = type;
    *dst++ = flags;
    dst = h2o_http2_encode32u(dst, stream_id);

    return dst;
}

static uint8_t *allocate_frame(h2o_buffer_t **buf, size_t length, uint8_t type, uint8_t flags, int32_t stream_id)
{
    h2o_iovec_t alloced = h2o_buffer_reserve(buf, H2O_HTTP2_FRAME_HEADER_SIZE + length);
    (*buf)->size += H2O_HTTP2_FRAME_HEADER_SIZE + length;
    return h2o_http2_encode_frame_header((uint8_t *)alloced.base, length, type, flags, stream_id);
}

void h2o_http2__encode_rst_stream_frame(h2o_buffer_t **buf, uint32_t stream_id, int errnum)
{
    uint8_t *dst = allocate_frame(buf, 4, H2O_HTTP2_FRAME_TYPE_RST_STREAM, 0, stream_id);
    dst = h2o_http2_encode32u(dst, errnum);
}

void h2o_http2_encode_ping_frame(h2o_buffer_t **buf, int is_ack, const uint8_t *data)
{
    uint8_t *dst = allocate_frame(buf, 8, H2O_HTTP2_FRAME_TYPE_PING, is_ack ? H2O_HTTP2_FRAME_FLAG_ACK : 0, 0);
    memcpy(dst, data, 8);
    dst += 8;
}

void h2o_http2_encode_goaway_frame(h2o_buffer_t **buf, uint32_t last_stream_id, int errnum, h2o_iovec_t additional_data)
{
    uint8_t *dst = allocate_frame(buf, 8 + additional_data.len, H2O_HTTP2_FRAME_TYPE_GOAWAY, 0, 0);
    dst = h2o_http2_encode32u(dst, last_stream_id);
    dst = h2o_http2_encode32u(dst, (uint32_t)-errnum);
    h2o_memcpy(dst, additional_data.base, additional_data.len);
}

void h2o_http2_encode_settings_frame(h2o_buffer_t **buf, h2o_http2_settings_kvpair_t *settings, size_t num_settings)
{
    uint8_t *dst = allocate_frame(buf, 6 * num_settings, H2O_HTTP2_FRAME_TYPE_SETTINGS, 0, 0);
    for (size_t i = 0; i < num_settings; ++i) {
        dst = h2o_http2_encode16u(dst, settings[i].key);
        dst = h2o_http2_encode32u(dst, settings[i].value);
    }
}

void h2o_http2_encode_window_update_frame(h2o_buffer_t **buf, uint32_t stream_id, int32_t window_size_increment)
{
    uint8_t *dst = allocate_frame(buf, 4, H2O_HTTP2_FRAME_TYPE_WINDOW_UPDATE, 0, stream_id);
    dst = h2o_http2_encode32u(dst, window_size_increment);
}

void h2o_http2_encode_origin_frame(h2o_buffer_t **buf, h2o_iovec_t payload)
{
    uint8_t *dst = allocate_frame(buf, payload.len, H2O_HTTP2_FRAME_TYPE_ORIGIN, 0, 0);
    memcpy(dst, payload.base, payload.len);
}

ssize_t h2o_http2_decode_frame(h2o_http2_frame_t *frame, const uint8_t *src, size_t len, size_t max_frame_size,
                               const char **err_desc)
{
    if (len < H2O_HTTP2_FRAME_HEADER_SIZE)
        return H2O_HTTP2_ERROR_INCOMPLETE;

    frame->length = h2o_http2_decode24u(src);
    frame->type = src[3];
    frame->flags = src[4];
    frame->stream_id = h2o_http2_decode32u(src + 5) & 0x7fffffff;

    if (frame->length > max_frame_size)
        return H2O_HTTP2_ERROR_FRAME_SIZE;

    if (len < H2O_HTTP2_FRAME_HEADER_SIZE + frame->length)
        return H2O_HTTP2_ERROR_INCOMPLETE;

    frame->payload = src + H2O_HTTP2_FRAME_HEADER_SIZE;

    return H2O_HTTP2_FRAME_HEADER_SIZE + frame->length;
}

int h2o_http2_decode_data_payload(h2o_http2_data_payload_t *payload, const h2o_http2_frame_t *frame, const char **err_desc)
{
    if (frame->stream_id == 0) {
        *err_desc = "invalid stream id in DATA frame";
        return H2O_HTTP2_ERROR_PROTOCOL;
    }

    if ((frame->flags & H2O_HTTP2_FRAME_FLAG_PADDED) != 0) {
        uint8_t padding_length;
        if (frame->length < 1) {
            *err_desc = "invalid DATA frame";
            return H2O_HTTP2_ERROR_PROTOCOL;
        }
        padding_length = frame->payload[0];
        if (frame->length < 1 + padding_length) {
            *err_desc = "invalid DATA frame";
            return H2O_HTTP2_ERROR_PROTOCOL;
        }
        payload->data = frame->payload + 1;
        payload->length = frame->length - (1 + padding_length);
    } else {
        payload->data = frame->payload;
        payload->length = frame->length;
    }
    return 0;
}

static const uint8_t *decode_priority(h2o_http2_priority_t *priority, const uint8_t *src)
{
    uint32_t u4 = h2o_http2_decode32u(src);
    src += 4;
    priority->exclusive = u4 >> 31;
    priority->dependency = u4 & 0x7fffffff;
    priority->weight = (uint16_t)*src++ + 1;
    return src;
}

int h2o_http2_decode_headers_payload(h2o_http2_headers_payload_t *payload, const h2o_http2_frame_t *frame, const char **err_desc)
{
    const uint8_t *src = frame->payload, *src_end = frame->payload + frame->length;

    if (frame->stream_id == 0) {
        *err_desc = "invalid stream id in HEADERS frame";
        return H2O_HTTP2_ERROR_PROTOCOL;
    }

    if ((frame->flags & H2O_HTTP2_FRAME_FLAG_PADDED) != 0) {
        uint32_t padlen;
        if (src == src_end) {
            *err_desc = "invalid HEADERS frame";
            return H2O_HTTP2_ERROR_PROTOCOL;
        }
        padlen = *src++;
        if (src_end - src < padlen) {
            *err_desc = "invalid HEADERS frame";
            return H2O_HTTP2_ERROR_PROTOCOL;
        }
        src_end -= padlen;
    }

    if ((frame->flags & H2O_HTTP2_FRAME_FLAG_PRIORITY) != 0) {
        if (src_end - src < 5)
            return -1;
        src = decode_priority(&payload->priority, src);
    } else {
        payload->priority = h2o_http2_default_priority;
    }

    payload->headers = src;
    payload->headers_len = src_end - src;

    return 0;
}

int h2o_http2_decode_priority_payload(h2o_http2_priority_t *payload, const h2o_http2_frame_t *frame, const char **err_desc)
{
    if (frame->stream_id == 0) {
        *err_desc = "invalid stream id in PRIORITY frame";
        return H2O_HTTP2_ERROR_PROTOCOL;
    }
    if (frame->length != 5) {
        *err_desc = "invalid PRIORITY frame";
        return H2O_HTTP2_ERROR_FRAME_SIZE;
    }

    decode_priority(payload, frame->payload);
    return 0;
}

int h2o_http2_decode_rst_stream_payload(h2o_http2_rst_stream_payload_t *payload, const h2o_http2_frame_t *frame,
                                        const char **err_desc)
{
    if (frame->stream_id == 0) {
        *err_desc = "invalid stream id in RST_STREAM frame";
        return H2O_HTTP2_ERROR_PROTOCOL;
    }
    if (frame->length != sizeof(payload->error_code)) {
        *err_desc = "invalid RST_STREAM frame";
        return H2O_HTTP2_ERROR_FRAME_SIZE;
    }

    payload->error_code = h2o_http2_decode32u(frame->payload);
    return 0;
}

int h2o_http2_decode_ping_payload(h2o_http2_ping_payload_t *payload, const h2o_http2_frame_t *frame, const char **err_desc)
{
    if (frame->stream_id != 0) {
        *err_desc = "invalid PING frame";
        return H2O_HTTP2_ERROR_PROTOCOL;
    }
    if (frame->length != sizeof(payload->data)) {
        *err_desc = "invalid PING frame";
        return H2O_HTTP2_ERROR_FRAME_SIZE;
    }

    memcpy(payload->data, frame->payload, sizeof(payload->data));
    return 0;
}

int h2o_http2_decode_goaway_payload(h2o_http2_goaway_payload_t *payload, const h2o_http2_frame_t *frame, const char **err_desc)
{
    if (frame->stream_id != 0) {
        *err_desc = "invalid stream id in GOAWAY frame";
        return H2O_HTTP2_ERROR_PROTOCOL;
    }
    if (frame->length < 8) {
        *err_desc = "invalid GOAWAY frame";
        return H2O_HTTP2_ERROR_FRAME_SIZE;
    }

    payload->last_stream_id = h2o_http2_decode32u(frame->payload) & 0x7fffffff;
    payload->error_code = h2o_http2_decode32u(frame->payload + 4);
    if ((payload->debug_data.len = frame->length - 8) != 0)
        payload->debug_data.base = (char *)frame->payload + 8;
    else
        payload->debug_data.base = NULL;

    return 0;
}

int h2o_http2_decode_window_update_payload(h2o_http2_window_update_payload_t *payload, const h2o_http2_frame_t *frame,
                                           const char **err_desc, int *err_is_stream_level)
{
    if (frame->length != 4) {
        *err_is_stream_level = 0;
        *err_desc = "invalid WINDOW_UPDATE frame";
        return H2O_HTTP2_ERROR_FRAME_SIZE;
    }

    payload->window_size_increment = h2o_http2_decode32u(frame->payload) & 0x7fffffff;
    if (payload->window_size_increment == 0) {
        *err_is_stream_level = frame->stream_id != 0;
        *err_desc = "invalid WINDOW_UPDATE frame";
        return H2O_HTTP2_ERROR_PROTOCOL;
    }

    return 0;
}

Coverage Report

Created: 2025-08-26 06:35

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright (c) 2014 DeNA Co., Ltd.
3		*
4		* Permission is hereby granted, free of charge, to any person obtaining a copy
5		* of this software and associated documentation files (the "Software"), to
6		* deal in the Software without restriction, including without limitation the
7		* rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
8		* sell copies of the Software, and to permit persons to whom the Software is
9		* furnished to do so, subject to the following conditions:
10		*
11		* The above copyright notice and this permission notice shall be included in
12		* all copies or substantial portions of the Software.
13		*
14		* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15		* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16		* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17		* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18		* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
19		* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
20		* IN THE SOFTWARE.
21		*/
22		#include "h2o/http2_common.h"
23
24		const h2o_http2_priority_t h2o_http2_default_priority = {
25		0, /* exclusive */
26		0, /* dependency */
27		16 /* weight */
28		};
29
30		const h2o_http2_settings_t H2O_HTTP2_SETTINGS_DEFAULT = {
31		/* header_table_size */ 4096,
32		/* enable_push */ 1,
33		/* max_concurrent_streams */ UINT32_MAX,
34		/* initial_window_size */ 65535,
35		/* max_frame_size */ 16384};
36
37		int h2o_http2_update_peer_settings(h2o_http2_settings_t settings, const uint8_t src, size_t len, const char **err_desc)
38	8.89k	{
39	27.0k	for (; len >= 6; len -= 6, src += 6) {
40	18.3k	uint16_t identifier = h2o_http2_decode16u(src);
41	18.3k	uint32_t value = h2o_http2_decode32u(src + 2);
42	18.3k	switch (identifier) {
43	0	#define SET(label, member, min, max, err_code) \
44	9.38k	case H2O_HTTP2_SETTINGS_##label: \
45	9.38k	if (!(min <= value && value <= max)) { \
46	271	*err_desc = "invalid SETTINGS frame"; \
47	271	return err_code; \
48	271	} \
49	9.38k	settings->member = value; \
50	9.10k	break
51	598	SET(HEADER_TABLE_SIZE, header_table_size, 0, UINT32_MAX, 0);
52	278	SET(ENABLE_PUSH, enable_push, 0, 1, H2O_HTTP2_ERROR_PROTOCOL);
53	1.78k	SET(MAX_CONCURRENT_STREAMS, max_concurrent_streams, 0, UINT32_MAX, 0);
54	6.35k	SET(INITIAL_WINDOW_SIZE, initial_window_size, 0, 0x7fffffff, H2O_HTTP2_ERROR_FLOW_CONTROL);
55	365	SET(MAX_FRAME_SIZE, max_frame_size, 16384, 16777215, H2O_HTTP2_ERROR_PROTOCOL);
56	0	#undef SET
57	9.01k	default:
58		/* ignore unknown (5.5) */
59	9.01k	break;
60	18.3k	}
61	18.3k	}
62
63	8.62k	if (len != 0)
64	58	return H2O_HTTP2_ERROR_FRAME_SIZE;
65	8.56k	return 0;
66	8.62k	}
67
68		uint8_t h2o_http2_encode_frame_header(uint8_t dst, size_t length, uint8_t type, uint8_t flags, int32_t stream_id)
69	80.1k	{
70	80.1k	if (length > 0xffffff)
71	0	h2o_fatal("invalid length");
72
73	80.1k	dst = h2o_http2_encode24u(dst, (uint32_t)length);
74	80.1k	*dst++ = type;
75	80.1k	*dst++ = flags;
76	80.1k	dst = h2o_http2_encode32u(dst, stream_id);
77
78	80.1k	return dst;
79	80.1k	}
80
81		static uint8_t allocate_frame(h2o_buffer_t *buf, size_t length, uint8_t type, uint8_t flags, int32_t stream_id)
82	56.8k	{
83	56.8k	h2o_iovec_t alloced = h2o_buffer_reserve(buf, H2O_HTTP2_FRAME_HEADER_SIZE + length);
84	56.8k	(*buf)->size += H2O_HTTP2_FRAME_HEADER_SIZE + length;
85	56.8k	return h2o_http2_encode_frame_header((uint8_t *)alloced.base, length, type, flags, stream_id);
86	56.8k	}
87
88		void h2o_http2__encode_rst_stream_frame(h2o_buffer_t **buf, uint32_t stream_id, int errnum)
89	25.5k	{
90	25.5k	uint8_t *dst = allocate_frame(buf, 4, H2O_HTTP2_FRAME_TYPE_RST_STREAM, 0, stream_id);
91	25.5k	dst = h2o_http2_encode32u(dst, errnum);
92	25.5k	}
93
94		void h2o_http2_encode_ping_frame(h2o_buffer_t *buf, int is_ack, const uint8_t data)
95	368	{
96	368	uint8_t *dst = allocate_frame(buf, 8, H2O_HTTP2_FRAME_TYPE_PING, is_ack ? H2O_HTTP2_FRAME_FLAG_ACK : 0, 0);
97	368	memcpy(dst, data, 8);
98	368	dst += 8;
99	368	}
100
101		void h2o_http2_encode_goaway_frame(h2o_buffer_t **buf, uint32_t last_stream_id, int errnum, h2o_iovec_t additional_data)
102	6.43k	{
103	6.43k	uint8_t *dst = allocate_frame(buf, 8 + additional_data.len, H2O_HTTP2_FRAME_TYPE_GOAWAY, 0, 0);
104	6.43k	dst = h2o_http2_encode32u(dst, last_stream_id);
105	6.43k	dst = h2o_http2_encode32u(dst, (uint32_t)-errnum);
106	6.43k	h2o_memcpy(dst, additional_data.base, additional_data.len);
107	6.43k	}
108
109		void h2o_http2_encode_settings_frame(h2o_buffer_t *buf, h2o_http2_settings_kvpair_t settings, size_t num_settings)
110	11.9k	{
111	11.9k	uint8_t dst = allocate_frame(buf, 6 num_settings, H2O_HTTP2_FRAME_TYPE_SETTINGS, 0, 0);
112	35.7k	for (size_t i = 0; i < num_settings; ++i) {
113	23.8k	dst = h2o_http2_encode16u(dst, settings[i].key);
114	23.8k	dst = h2o_http2_encode32u(dst, settings[i].value);
115	23.8k	}
116	11.9k	}
117
118		void h2o_http2_encode_window_update_frame(h2o_buffer_t **buf, uint32_t stream_id, int32_t window_size_increment)
119	12.6k	{
120	12.6k	uint8_t *dst = allocate_frame(buf, 4, H2O_HTTP2_FRAME_TYPE_WINDOW_UPDATE, 0, stream_id);
121	12.6k	dst = h2o_http2_encode32u(dst, window_size_increment);
122	12.6k	}
123
124		void h2o_http2_encode_origin_frame(h2o_buffer_t **buf, h2o_iovec_t payload)
125	0	{
126	0	uint8_t *dst = allocate_frame(buf, payload.len, H2O_HTTP2_FRAME_TYPE_ORIGIN, 0, 0);
127	0	memcpy(dst, payload.base, payload.len);
128	0	}
129
130		ssize_t h2o_http2_decode_frame(h2o_http2_frame_t frame, const uint8_t src, size_t len, size_t max_frame_size,
131		const char **err_desc)
132	115k	{
133	115k	if (len < H2O_HTTP2_FRAME_HEADER_SIZE)
134	2.79k	return H2O_HTTP2_ERROR_INCOMPLETE;
135
136	113k	frame->length = h2o_http2_decode24u(src);
137	113k	frame->type = src[3];
138	113k	frame->flags = src[4];
139	113k	frame->stream_id = h2o_http2_decode32u(src + 5) & 0x7fffffff;
140
141	113k	if (frame->length > max_frame_size)
142	895	return H2O_HTTP2_ERROR_FRAME_SIZE;
143
144	112k	if (len < H2O_HTTP2_FRAME_HEADER_SIZE + frame->length)
145	2.18k	return H2O_HTTP2_ERROR_INCOMPLETE;
146
147	110k	frame->payload = src + H2O_HTTP2_FRAME_HEADER_SIZE;
148
149	110k	return H2O_HTTP2_FRAME_HEADER_SIZE + frame->length;
150	112k	}
151
152		int h2o_http2_decode_data_payload(h2o_http2_data_payload_t payload, const h2o_http2_frame_t frame, const char **err_desc)
153	17.3k	{
154	17.3k	if (frame->stream_id == 0) {
155	35	*err_desc = "invalid stream id in DATA frame";
156	35	return H2O_HTTP2_ERROR_PROTOCOL;
157	35	}
158
159	17.3k	if ((frame->flags & H2O_HTTP2_FRAME_FLAG_PADDED) != 0) {
160	1.91k	uint8_t padding_length;
161	1.91k	if (frame->length < 1) {
162	13	*err_desc = "invalid DATA frame";
163	13	return H2O_HTTP2_ERROR_PROTOCOL;
164	13	}
165	1.90k	padding_length = frame->payload[0];
166	1.90k	if (frame->length < 1 + padding_length) {
167	15	*err_desc = "invalid DATA frame";
168	15	return H2O_HTTP2_ERROR_PROTOCOL;
169	15	}
170	1.88k	payload->data = frame->payload + 1;
171	1.88k	payload->length = frame->length - (1 + padding_length);
172	15.4k	} else {
173	15.4k	payload->data = frame->payload;
174	15.4k	payload->length = frame->length;
175	15.4k	}
176	17.3k	return 0;
177	17.3k	}
178
179		static const uint8_t decode_priority(h2o_http2_priority_t priority, const uint8_t *src)
180	59.0k	{
181	59.0k	uint32_t u4 = h2o_http2_decode32u(src);
182	59.0k	src += 4;
183	59.0k	priority->exclusive = u4 >> 31;
184	59.0k	priority->dependency = u4 & 0x7fffffff;
185	59.0k	priority->weight = (uint16_t)*src++ + 1;
186	59.0k	return src;
187	59.0k	}
188
189		int h2o_http2_decode_headers_payload(h2o_http2_headers_payload_t payload, const h2o_http2_frame_t frame, const char **err_desc)
190	18.7k	{
191	18.7k	const uint8_t src = frame->payload, src_end = frame->payload + frame->length;
192
193	18.7k	if (frame->stream_id == 0) {
194	5	*err_desc = "invalid stream id in HEADERS frame";
195	5	return H2O_HTTP2_ERROR_PROTOCOL;
196	5	}
197
198	18.7k	if ((frame->flags & H2O_HTTP2_FRAME_FLAG_PADDED) != 0) {
199	1.39k	uint32_t padlen;
200	1.39k	if (src == src_end) {
201	5	*err_desc = "invalid HEADERS frame";
202	5	return H2O_HTTP2_ERROR_PROTOCOL;
203	5	}
204	1.39k	padlen = *src++;
205	1.39k	if (src_end - src < padlen) {
206	19	*err_desc = "invalid HEADERS frame";
207	19	return H2O_HTTP2_ERROR_PROTOCOL;
208	19	}
209	1.37k	src_end -= padlen;
210	1.37k	}
211
212	18.6k	if ((frame->flags & H2O_HTTP2_FRAME_FLAG_PRIORITY) != 0) {
213	14.9k	if (src_end - src < 5)
214	7	return -1;
215	14.9k	src = decode_priority(&payload->priority, src);
216	14.9k	} else {
217	3.71k	payload->priority = h2o_http2_default_priority;
218	3.71k	}
219
220	18.6k	payload->headers = src;
221	18.6k	payload->headers_len = src_end - src;
222
223	18.6k	return 0;
224	18.6k	}
225
226		int h2o_http2_decode_priority_payload(h2o_http2_priority_t payload, const h2o_http2_frame_t frame, const char **err_desc)
227	44.1k	{
228	44.1k	if (frame->stream_id == 0) {
229	5	*err_desc = "invalid stream id in PRIORITY frame";
230	5	return H2O_HTTP2_ERROR_PROTOCOL;
231	5	}
232	44.1k	if (frame->length != 5) {
233	41	*err_desc = "invalid PRIORITY frame";
234	41	return H2O_HTTP2_ERROR_FRAME_SIZE;
235	41	}
236
237	44.1k	decode_priority(payload, frame->payload);
238	44.1k	return 0;
239	44.1k	}
240
241		int h2o_http2_decode_rst_stream_payload(h2o_http2_rst_stream_payload_t payload, const h2o_http2_frame_t frame,
242		const char **err_desc)
243	1.59k	{
244	1.59k	if (frame->stream_id == 0) {
245	4	*err_desc = "invalid stream id in RST_STREAM frame";
246	4	return H2O_HTTP2_ERROR_PROTOCOL;
247	4	}
248	1.59k	if (frame->length != sizeof(payload->error_code)) {
249	38	*err_desc = "invalid RST_STREAM frame";
250	38	return H2O_HTTP2_ERROR_FRAME_SIZE;
251	38	}
252
253	1.55k	payload->error_code = h2o_http2_decode32u(frame->payload);
254	1.55k	return 0;
255	1.59k	}
256
257		int h2o_http2_decode_ping_payload(h2o_http2_ping_payload_t payload, const h2o_http2_frame_t frame, const char **err_desc)
258	957	{
259	957	if (frame->stream_id != 0) {
260	56	*err_desc = "invalid PING frame";
261	56	return H2O_HTTP2_ERROR_PROTOCOL;
262	56	}
263	901	if (frame->length != sizeof(payload->data)) {
264	13	*err_desc = "invalid PING frame";
265	13	return H2O_HTTP2_ERROR_FRAME_SIZE;
266	13	}
267
268	888	memcpy(payload->data, frame->payload, sizeof(payload->data));
269	888	return 0;
270	901	}
271
272		int h2o_http2_decode_goaway_payload(h2o_http2_goaway_payload_t payload, const h2o_http2_frame_t frame, const char **err_desc)
273	644	{
274	644	if (frame->stream_id != 0) {
275	71	*err_desc = "invalid stream id in GOAWAY frame";
276	71	return H2O_HTTP2_ERROR_PROTOCOL;
277	71	}
278	573	if (frame->length < 8) {
279	6	*err_desc = "invalid GOAWAY frame";
280	6	return H2O_HTTP2_ERROR_FRAME_SIZE;
281	6	}
282
283	567	payload->last_stream_id = h2o_http2_decode32u(frame->payload) & 0x7fffffff;
284	567	payload->error_code = h2o_http2_decode32u(frame->payload + 4);
285	567	if ((payload->debug_data.len = frame->length - 8) != 0)
286	323	payload->debug_data.base = (char *)frame->payload + 8;
287	244	else
288	244	payload->debug_data.base = NULL;
289
290	567	return 0;
291	573	}
292
293		int h2o_http2_decode_window_update_payload(h2o_http2_window_update_payload_t payload, const h2o_http2_frame_t frame,
294		const char *err_desc, int err_is_stream_level)
295	12.3k	{
296	12.3k	if (frame->length != 4) {
297	22	*err_is_stream_level = 0;
298	22	*err_desc = "invalid WINDOW_UPDATE frame";
299	22	return H2O_HTTP2_ERROR_FRAME_SIZE;
300	22	}
301
302	12.3k	payload->window_size_increment = h2o_http2_decode32u(frame->payload) & 0x7fffffff;
303	12.3k	if (payload->window_size_increment == 0) {
304	7.41k	*err_is_stream_level = frame->stream_id != 0;
305	7.41k	*err_desc = "invalid WINDOW_UPDATE frame";
306	7.41k	return H2O_HTTP2_ERROR_PROTOCOL;
307	7.41k	}
308
309	4.94k	return 0;
310	12.3k	}