git.ipfire.org Git - thirdparty/haproxy.git/commitdiff
BUG/MINOR: quic: fix crash on quic_conn alloc failure
author Amaury Denoyelle <adenoyelle@haproxy.com>
Mon, 19 May 2025 09:02:46 +0000 (11:02 +0200)
committer Amaury Denoyelle <adenoyelle@haproxy.com>
Mon, 19 May 2025 09:03:48 +0000 (11:03 +0200)
If there is an alloc failure during qc_new_conn(), cleaning is done via
quic_conn_release(). However, since the below commit, an unchecked
dereferencing of <qc.path> is performed in the latter.

  e841164a4402118bd7b2e2dc2b5068f21de5d9d2
  MINOR: quic: account for global congestion window

To fix this, simply check <qc.path> before dereferencing it in
quic_conn_release(). This is safe as it is properly initialized to NULL
on qc_new_conn() first stage.

This does not need to be backported.

src/quic_conn.c

index 5b04dbfc12347f957d7e4facf1d90f1ab8cfb4f9..5feda3b3ea092ef5a8dc574b341ac2934e9374a4 100644 (file)
@@ -1448,8 +1448,10 @@ int quic_conn_release(struct quic_conn *qc)
        }
 
        /* Substract last congestion window from global memory counter. */
-       cshared_add(&quic_mem_diff, -qc->path->cwnd);
-       qc->path->cwnd = 0;
+       if (qc->path) {
+               cshared_add(&quic_mem_diff, -qc->path->cwnd);
+               qc->path->cwnd = 0;
+       }
 
        /* free remaining stream descriptors */
        node = eb64_first(&qc->streams_by_id);
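
Review bot: the new `if (qc->path)` check in quic_conn_release() carries no comment saying when path can be NULL. The commit message explains that this is the qc_new_conn() allocation-failure path, where path is still at its initial NULL; a one-line comment to that effect above the check would stop a later cleanup from dropping the guard as redundant. Since the block is being touched anyway, the context comment's "Substract" could be corrected to "Subtract". Only this hunk is visible here, so it is also worth confirming that the remainder of quic_conn_release() has no other unguarded use of qc->path on the same failure path.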