BUG/MINOR: mux-quic: trace with non initialized qcc

This issue leads to crashes when the QUIC mux traces are enabled and could be
reproduced with -dMfail. When the qcc allocation fails (qcc_init()) haproxy
crashes into qmux_dump_qcc_info() because ->conn qcc member is initialized:

Program terminated with signal SIGSEGV, Segmentation fault.
    at src/qmux_trace.c:146
146             const struct quic_conn *qc = qcc->conn->handle.qc;
[Current thread is 1 (LWP 1448960)]
(gdb) p qcc
$1 = (const struct qcc *) 0x7f9c63719fa0
(gdb) p qcc->conn
$2 = (struct connection *) 0x155550508
(gdb)

This patch simply fixes the TRACE() call concerned to avoid <qcc> object
dereferencing when it is NULL.

Must be backported as far as 3.0.

diff --git a/src/mux_quic.c b/src/mux_quic.c
index cdd2cb60153bad7ef6486e1326120b5537ec7d59..ad3eaef9c29045b513773f4715b14b66a3e48144 100644 (file)
--- a/src/mux_quic.c
+++ b/src/mux_quic.c
@@ -3706,7 +3706,7 @@ static int qmux_init(struct connection *conn, struct proxy *prx,
                conn->ctx = NULL;
        }
 
-       TRACE_DEVEL("leaving on error", QMUX_EV_QCC_NEW, conn);
+       TRACE_DEVEL("leaving on error", QMUX_EV_QCC_NEW, qcc ? conn : NULL);
        return -1;
 }