BUG/MINOR: quic: Possible leak of TX packets under heavy load

This bug could be reproduced with -dMfail and detected added a counter of TX packet to the QUIC connection. When released calling quic_conn_release() the connection should have a null counter of TX packets. This was not always the case. This could occur during the handshake step: a first packet was built, then another one should have followed in the same datagram, but fail due to a memory allocation issue. As the datagram length and first TX packet were not written in the TX buffer, this latter could not really be purged by qc_purge_tx_buf() even if called. This bug occured only when building coalesced packets in the same datagram. To fix this, write the packet information (datagram length and first packet address) in the TX buffer before purging it. Must be backported as far as 2.6.
2025-04-11 03:31:36 +00:00 · 2023-11-22 14:57:28 +01:00 · 2023-11-22 14:57:28 +01:00 · cd225da46c
commit cd225da46c
parent dc8a20b317
1 changed files with 2 additions and 0 deletions
--- a/src/quic_tx.c
+++ b/src/quic_tx.c
@ -1139,6 +1139,8 @@ int qc_prep_hpkts(struct quic_conn *qc, struct buffer *buf, struct list *qels)
 			                       must_ack, padding, probe, cc, &err);
 			switch (err) {
 				case -3:
+					if (first_pkt)
+						qc_txb_store(buf, dglen, first_pkt);
 					qc_purge_tx_buf(qc, buf);
 					goto leave;
 				case -2: