RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-04-11 03:31:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

BUG/MINOR: mux-quic: fix crash with traces in qc_detach()

Browse Source 
qc_detach() is used to free a qcs as notified by sedesc. If there is no
more stream active and the connection is considered as dead, it will
then be freed. This prevent to dereference qcc in TRACE macro. Else this
will cause a crash.

Use a different code-path on release for qc_detach() to fix this bug.

This will fix the last occurence of crash on github issue #1808.

This has been introduced by recent QUIC MUX traces rework. Thus, it does
not need to be backport.
This commit is contained in:
Amaury Denoyelle 2022-08-12 15:56:21 +02:00
parent ded77cc71f
commit 35a66c0a36
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/mux_quic.c
View File

@ -2099,7 +2099,7 @@ static void qc_detach(struct sedesc *sd)
if (qcc_is_dead(qcc)) {
TRACE_STATE("killing dead connection", QMUX_EV_STRM_END, qcc->conn);
qc_release(qcc);
goto release;
}
else if (qcc->task) {
TRACE_DEVEL("refreshing connection's timeout", QMUX_EV_STRM_END, qcc->conn);
@ -2110,6 +2110,12 @@ static void qc_detach(struct sedesc *sd)
}
TRACE_LEAVE(QMUX_EV_STRM_END, qcc->conn);
return;
release:
qc_release(qcc);
TRACE_LEAVE(QMUX_EV_STRM_END);
return;
}
/* Called from the upper layer, to receive data */