From 249fe55f7501ca607f70e8050c6546995cd808e8 Mon Sep 17 00:00:00 2001
From: Mauri de Souza Meneguzzo <mauri870@gmail.com>
Date: Sun, 15 Oct 2023 20:49:02 -0300
Subject: [PATCH] http2: fix underflow in http2 server push

After CL 534215 was merged to fix a CVE it introduced
an underflow when we try to decrement sc.curHandlers
in handlerDone.

There is one place that calls runHandler without
incrementing curHandlers. Seems to only affect http.Pusher.

For golang/go#63511
---
 http2/server.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/http2/server.go b/http2/server.go
index 02c88b6b..7f3bed92 100644
--- a/http2/server.go
+++ b/http2/server.go
@@ -3187,6 +3187,7 @@ func (sc *serverConn) startPush(msg *startPushRequest) {
 			panic(fmt.Sprintf("newWriterAndRequestNoBody(%+v): %v", msg.url, err))
 		}
 
+		sc.curHandlers++
 		go sc.runHandler(rw, req, sc.handler.ServeHTTP)
 		return promisedID, nil
 	}