From e5f229e6392fd54aaba7fe58f457723c16b9d15f Mon Sep 17 00:00:00 2001
From: Willy Tarreau
Date: Mon, 15 Oct 2018 11:08:55 +0200
Subject: [PATCH] BUG/MEDIUM: stream: don't crash on out-of-memory

In case pool_alloc() fails in stream_new(), we try to detach the stream from the list before it has been added, dereferencing a NULL. In order to fix it, simply move the LIST_DEL call upwards. This must be backported to 1.8.
---
 src/stream.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/stream.c b/src/stream.c
index a57879d86..42a6c48c9 100644
--- a/src/stream.c
+++ b/src/stream.c
@@ -289,10 +289,10 @@ struct stream *stream_new(struct session *sess, enum obj_type *origin)
 flt_stream_release(s, 0);
 task_free(t);
 tasklet_free(s->si[1].wait_event.task);
+ LIST_DEL(&s->list);
 out_fail_alloc_si1:
 tasklet_free(s->si[0].wait_event.task);
 out_fail_alloc:
- LIST_DEL(&s->list);
 pool_free(pool_head_stream, s);
 return NULL;
 }
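Review bot: Nothing at the cleanup labels records why `LIST_DEL(&s->list)` has to sit above `out_fail_alloc_si1:`, so a failure path added later, after the stream is linked, could jump to one of the two lower labels and hand `s` to `pool_free()` while it is still on the list. A comment on the moved line would pin the invariant, for example `/* s is linked only on the fall-through path; both labels below are reached before it is added to the list */`. The `goto` sites and the list insertion are outside the hunk, so it is worth confirming against the full body of stream_new() that every existing jump to `out_fail_alloc_si1` and `out_fail_alloc` precedes the insertion. Because the crash is reachable only under memory pressure, running each allocation in stream_new() with forced allocation failure is the practical way to keep this unwinding order from regressing.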