From 4dd7ec9ae48df272cef2a1ecd4de0a237783828a Mon Sep 17 00:00:00 2001 From: Sergey Kandaurov Date: Wed, 15 Apr 2026 22:12:28 +0400 Subject: QUIC: always populate ngx_quic_cbs_recv_rcd() output arguments Although uninitialized values aren't used in practice due to the nature of the OpenSSL code flow, this violates the API contract. Reported by lukefr09 on GitHub. --- src/event/quic/ngx_event_quic_ssl.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/event/quic/ngx_event_quic_ssl.c b/src/event/quic/ngx_event_quic_ssl.c index 18992ae1b..4e84f8102 100644 --- a/src/event/quic/ngx_event_quic_ssl.c +++ b/src/event/quic/ngx_event_quic_ssl.c @@ -158,6 +158,7 @@ ngx_quic_cbs_recv_rcd(ngx_ssl_conn_t *ssl_conn, if (b->sync) { /* hole */ + *data = NULL; *bytes_read = 0; break; @@ -169,6 +170,9 @@ ngx_quic_cbs_recv_rcd(ngx_ssl_conn_t *ssl_conn, break; } + *data = NULL; + *bytes_read = 0; + return 1; } -- cgit
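Review bot: The `*data = NULL; *bytes_read = 0;` pair added before `return 1;` in the second hunk appears to sit after the loop, so it may run on every exit from the loop and not only when the chain is empty. The context just above it is `break; }`, and old lines 164-168 between the two hunks are not shown. If that `break` ends the branch that stores a buffer pointer and length into the outputs, the new assignments would overwrite them and the callback would always report no data. In that case the defaults belong before the loop, which would also make the `*data = NULL;` added in the hole branch of the first hunk unnecessary. If the data path returns without reaching these lines, a short comment such as `/* empty chain: no record available */` above them would make that clear.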