From 7d9f1ba246055046eed547fa35aa546683021dce Mon Sep 17 00:00:00 2001 From: Christopher Faulet Date: Wed, 28 Feb 2018 13:33:26 +0100 Subject: [PATCH] BUG/MEDIUM: spoe: Remove idle applets from idle list when HAProxy is stopping In the SPOE applet's handler, when an applet is switched from the state IDLE to PROCESSING, it is removed for the list of idle applets. But when HAProxy is stopping, this applet can be switched to DISCONNECT. In this case, we also need to remove it from the list of idle applets. Else the applet is removed but still present in the list. It could lead to a segmentation fault or an infinite loop, depending the code path. --- src/flt_spoe.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/flt_spoe.c b/src/flt_spoe.c index a53795861..a701c7074 100644 --- a/src/flt_spoe.c +++ b/src/flt_spoe.c @@ -1843,6 +1843,8 @@ spoe_handle_appctx(struct appctx *appctx) goto switchstate; case SPOE_APPCTX_ST_IDLE: + SPOE_DEBUG_STMT(agent->rt[tid].applets_idle--); + eb32_delete(&SPOE_APPCTX(appctx)->node); if (stopping && LIST_ISEMPTY(&agent->rt[tid].sending_queue) && LIST_ISEMPTY(&SPOE_APPCTX(appctx)->waiting_queue)) { @@ -1851,8 +1853,6 @@ spoe_handle_appctx(struct appctx *appctx) appctx->st0 = SPOE_APPCTX_ST_DISCONNECT; goto switchstate; } - SPOE_DEBUG_STMT(agent->rt[tid].applets_idle--); - eb32_delete(&SPOE_APPCTX(appctx)->node); appctx->st0 = SPOE_APPCTX_ST_PROCESSING; /* fall through */