From c02d898cd13d036e1897daae5e2362ec8705e427 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?= <flecaille@haproxy.com>
Date: Wed, 14 Jun 2023 18:09:54 +0200
Subject: [PATCH] BUG/MINOR: quic: Possible crash in
 quic_conn_prx_cntrs_update()

quic_conn_prx_cntrs_update() may be called from quic_conn_release() with
NULL as value for ->prx_counters member. This is the case when qc_new_conn() fails
when allocating <buf_area>. In this case quic_conn_prx_cntrs_update() BUG_ON().

Must be backported as far as 2.7.
---
 src/quic_conn.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/quic_conn.c b/src/quic_conn.c
index 319a61454..e5fd58b0c 100644
--- a/src/quic_conn.c
+++ b/src/quic_conn.c
@@ -5716,7 +5716,9 @@ static struct quic_conn *qc_new_conn(const struct quic_version *qv, int ipv4,
 /* Update the proxy counters of <qc> QUIC connection from its counters */
 static inline void quic_conn_prx_cntrs_update(struct quic_conn *qc)
 {
-	BUG_ON(!qc->prx_counters);
+	if (!qc->prx_counters)
+		return;
+
 	HA_ATOMIC_ADD(&qc->prx_counters->dropped_pkt, qc->cntrs.dropped_pkt);
 	HA_ATOMIC_ADD(&qc->prx_counters->dropped_pkt_bufoverrun, qc->cntrs.dropped_pkt_bufoverrun);
 	HA_ATOMIC_ADD(&qc->prx_counters->dropped_parsing, qc->cntrs.dropped_parsing);