BUG/MEDIUM: mux-h2: make sure not to touch dummy streams when sending WU

Since commit 1cc851d9f2 ("MEDIUM: mux-h2: start to update stream when
sending WU") we started storing stream offsets in the h2s struct. These
offsets are updated at a few points, where it's safe to write to the
stream, and in h2c_send_strm_wu(), where the h2s->h2c was not performed.

Due to this, nothing protects the h2s from being updated when sending a
WU for a closed stream, which might only happen when acknowledging a
frame after resetting that stream, which is quite unlikely. In any case
if this happens, it will crash as in issue #2793 since the closed streams
are purposely read-only to catch such bugs.

The fix is trivial, just check h2s->h2c before deciding to update the
stream.

Thanks to @Wahnes for reporting this, and Christopher for spotting the
cause. This needs to be backported to 3.1 only.

src/mux_h2.c

@@ -2991,7 +2991,7 @@ static int h2c_send_strm_wu(struct h2c *h2c)
 	if (ret > 0) {
 		h2c->wu_s = 0;
 		h2s = h2c_st_by_id(h2c, h2c->dsi);
-		if (h2s)
+		if (h2s && h2s->h2c)
 			h2s->last_adv_ofs = h2s->next_max_ofs;
 	}
  out: