1berry/haproxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

BUG/MINOR: quic: fix crash on quic_conn alloc failure

Browse Source 
If there is an alloc failure during qc_new_conn(), cleaning is done via
quic_conn_release(). However, since the below commit, an unchecked
dereferencing of <qc.path> is performed in the latter.

  e841164a4402118bd7b2e2dc2b5068f21de5d9d2
  MINOR: quic: account for global congestion window

To fix this, simply check <qc.path> before dereferencing it in
quic_conn_release(). This is safe as it is properly initialized to NULL
on qc_new_conn() first stage.

This does not need to be backported.
This commit is contained in:
Amaury Denoyelle 2025-05-19 11:02:46 +02:00
parent 099c1b2442
commit d358da4d83
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/quic_conn.c
View File

@ -1448,8 +1448,10 @@ int quic_conn_release(struct quic_conn *qc)
} }
/* Substract last congestion window from global memory counter. */ /* Substract last congestion window from global memory counter. */
cshared_add(&quic_mem_diff, -qc->path->cwnd); if (qc->path) {
qc->path->cwnd = 0; cshared_add(&quic_mem_diff, -qc->path->cwnd);
qc->path->cwnd = 0;
}
/* free remaining stream descriptors */ /* free remaining stream descriptors */
node = eb64_first(&qc->streams_by_id); node = eb64_first(&qc->streams_by_id);