From 55ae8a64e4e1175063463921375b279c31bbc6a4 Mon Sep 17 00:00:00 2001 From: Christopher Faulet Date: Thu, 23 May 2019 22:47:48 +0200 Subject: [PATCH] BUG/MEDIUM: spoe: Don't use the SPOE applet after releasing it In spoe_release_appctx(), the SPOE applet may be used after it was released to get its exit status code. Of course, HAProxy crashes when this happens. This patch must be backported to 1.9 and 1.8. --- src/flt_spoe.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/flt_spoe.c b/src/flt_spoe.c index 2755f3ab4..51d4f275a 100644 --- a/src/flt_spoe.c +++ b/src/flt_spoe.c @@ -1298,11 +1298,6 @@ spoe_release_appctx(struct appctx *appctx) task_wakeup(ctx->strm->task, TASK_WOKEN_MSG); } - /* Release allocated memory */ - spoe_release_buffer(&spoe_appctx->buffer, - &spoe_appctx->buffer_wait); - pool_free(pool_head_spoe_appctx, spoe_appctx); - if (!LIST_ISEMPTY(&agent->rt[tid].applets)) goto end; @@ -1327,6 +1322,11 @@ spoe_release_appctx(struct appctx *appctx) } end: + /* Release allocated memory */ + spoe_release_buffer(&spoe_appctx->buffer, + &spoe_appctx->buffer_wait); + pool_free(pool_head_spoe_appctx, spoe_appctx); + /* Update runtinme agent info */ agent->rt[tid].frame_size = agent->max_frame_size; list_for_each_entry(spoe_appctx, &agent->rt[tid].applets, list)