RepoMirrors
/
haproxy
mirror of http://git.haproxy.org/git/haproxy.git/
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

BUG/MINOR: mux-quic: prevent crash if conn released during IO callback 

A qcc instance may be freed in the middle of qc_io_cb() if all streams
were purged. This will lead to a crash as qcc instance is reused after
this step. Jump directly to the end of the function to avoid this.

Note that this bug has not been triggered for the moment. This is a
safety fix to prevent it.

This must be backported up to 2.6.
This commit is contained in:
Amaury Denoyelle 2022-07-25 14:56:54 +02:00
parent 51d38a26fe
commit d3973853c2
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/mux_quic.c
View File

@ -1673,6 +1673,7 @@ static struct task *qc_io_cb(struct task *t, void *ctx, unsigned int status)
if (qc_purge_streams(qcc)) {
if (qcc_is_dead(qcc)) {
qc_release(qcc);
goto end;
}
else if (qcc->task) {
if (qcc_may_expire(qcc))
@ -1685,6 +1686,7 @@ static struct task *qc_io_cb(struct task *t, void *ctx, unsigned int status)
qc_recv(qcc);
end:
TRACE_LEAVE(QMUX_EV_QCC_WAKE);
return NULL;