BUG/MEDIUM: applet: Remove appctx from buffer wait list on release

For now, the appctx is removed from the buffer wait list when it is
freed. However, when it is released, it is not necessarily freed
immediately. But it is detached from the SC. If it is still registered in
the buffer wait list, it could then be woken up to get a buffer. At this
stage it is totally unexpected, especially because we must access the SC.

The fix is obvious, the appctx must be removed from the buffer wait list on
release.

Note this bug exists because the appctx was moved at the mux level.

This patch must be backported as far as 2.6.

diff --git a/src/applet.c b/src/applet.c
index 674cf8349b2a2909d94c2d153fa4adb0bc248154..93178ec14aa2fa4e36cebaec3bbd07b029ad584b 100644 (file)
--- a/src/applet.c
+++ b/src/applet.c
@@ -360,6 +360,9 @@ void appctx_shut(struct appctx *appctx)
        if (appctx->applet->release)
                appctx->applet->release(appctx);
 
+       if (LIST_INLIST(&appctx->buffer_wait.list))
+               LIST_DEL_INIT(&appctx->buffer_wait.list);
+
        se_fl_set(appctx->sedesc, SE_FL_SHRR | SE_FL_SHWN);
        TRACE_LEAVE(APPLET_EV_RELEASE, appctx);
 }