BUG/MINOR: mux-quic: fix crash on qcc_init() early return

qcc_release() may be used in case qcc_init() cannot complete. In this
case, connection instance is NULL. As such, it cannot be dereferenced
without testing it first.

This should fix github coverity report #2739.

No backport needed.

diff --git a/src/mux_quic.c b/src/mux_quic.c
index 09f88334905ef239476c09d2427547d55f4684d0..8b46580757e7c02fd2feda4667e6d568d7e64862 100644 (file)
--- a/src/mux_quic.c
+++ b/src/mux_quic.c
@@ -2626,7 +2626,7 @@ static void qcc_release(struct qcc *qcc)
 {
        struct connection *conn = qcc->conn;
        struct eb64_node *node;
-       struct quic_conn *qc = conn->handle.qc;
+       struct quic_conn *qc;
 
        TRACE_ENTER(QMUX_EV_QCC_END, conn);
 
@@ -2644,11 +2644,14 @@ static void qcc_release(struct qcc *qcc)
        }
 
        /* unsubscribe from all remaining qc_stream_desc */
-       node = eb64_first(&qc->streams_by_id);
-       while (node) {
-               struct qc_stream_desc *stream = eb64_entry(node, struct qc_stream_desc, by_id);
-               qc_stream_desc_sub_room(stream, NULL);
-               node = eb64_next(node);
+       if (conn) {
+               qc = conn->handle.qc;
+               node = eb64_first(&qc->streams_by_id);
+               while (node) {
+                       struct qc_stream_desc *stream = eb64_entry(node, struct qc_stream_desc, by_id);
+                       qc_stream_desc_sub_room(stream, NULL);
+                       node = eb64_next(node);
+               }
        }
 
        tasklet_free(qcc->wait_event.tasklet);