BUG/MAJOR: mux-h2: don't wake streams after connection was destroyed

In commit 477902b ("MEDIUM: connections: Get ride of the xprt_done
callback.") we added an inconditional call to h2_wake_some_streams()
in h2_wake(), though we must not do it if the connection is destroyed
or we end up with a use-after-free. In this case it's already done in
h2_process() before destroying the connection anyway.

Let's just add this test for now. A cleaner approach might consist in
doing it in the h2_process() function itself when a connection status
change is detected.

No backport is needed, this is purely 2.2.

diff --git a/src/mux_h2.c b/src/mux_h2.c
index df7a4e680dd35b6977993e3f7a2c3e145766a101..6b6f42ea3ec460d28ead0d50e0ac16eb85a14216 100644 (file)
--- a/src/mux_h2.c
+++ b/src/mux_h2.c
@@ -3650,7 +3650,8 @@ static int h2_wake(struct connection *conn)
 
        TRACE_ENTER(H2_EV_H2C_WAKE, conn);
        ret = h2_process(h2c);
-       h2_wake_some_streams(h2c, 0);
+       if (ret >= 0)
+               h2_wake_some_streams(h2c, 0);
        TRACE_LEAVE(H2_EV_H2C_WAKE);
        return ret;
 }