MINOR: quic: Add a BUG_ON() on quic_tx_packet refcount

This is definitively a bug to call quic_tx_packet_refdec() to decrement the reference
counter of a TX packet calling quic_tx_packet_refdec(), and possibly to release its
memory when it is negative or null.

This counter is incremented when a TX frm is attached to it with some allocated memory
and when the packet is inserted into a data structure, if needed (list or tree).

Should be easily backported as far as 2.6 to ease any further backport around
this code part.

diff --git a/include/haproxy/quic_tx.h b/include/haproxy/quic_tx.h
index 9961a2384f723dc5930de4347b27904ba00c8779..1be932230f73f522d39824b06f687b8e8eb9618e 100644 (file)
--- a/include/haproxy/quic_tx.h
+++ b/include/haproxy/quic_tx.h
@@ -76,6 +76,7 @@ static inline void quic_tx_packet_refinc(struct quic_tx_packet *pkt)
 /* Decrement the reference counter of <pkt> */
 static inline void quic_tx_packet_refdec(struct quic_tx_packet *pkt)
 {
+       BUG_ON(pkt->refcnt <= 0);
        if (--pkt->refcnt == 0) {
                BUG_ON(!LIST_ISEMPTY(&pkt->frms));
                /* If there are others packet in the same datagram <pkt> is attached to,