From: Amaury Denoyelle Date: Wed, 27 Jul 2022 09:39:01 +0000 (+0200) Subject: BUG/MINOR: mux-quic: do not free conn if attached streams X-Git-Tag: v2.7-dev3~41 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=09ec3e09bd6bf6ab83199ef3ddc7e20b69d99f02;p=thirdparty%2Fhaproxy.git BUG/MINOR: mux-quic: do not free conn if attached streams Ensure via qcc_is_dead() that a connection is not released instance until all of qcs streams are detached by the upper layer, even if an error has been reported or the timeout has fired. On the other side, as qc_detach() always check the connection status, this should ensure that we do not keep a connection if not necessary. Without this patch, a qcc instance may be freed with some of its qcs streams not detached. This is an incorrect behavior and will lead to a BUG_ON fault. Note however that no occurence of this bug has been produced currently. This patch is mainly a safety against future occurences. This should be backported up to 2.6. --- diff --git a/src/mux_quic.c b/src/mux_quic.c index 65d62a4aa8..3ab5333989 100644 --- a/src/mux_quic.c +++ b/src/mux_quic.c @@ -1001,7 +1001,12 @@ static void qcs_destroy(struct qcs *qcs) static inline int qcc_is_dead(const struct qcc *qcc) { - if ((qcc->conn->flags & CO_FL_ERROR) || !qcc->task) + /* Mux connection is considered dead if : + * - all stream-desc are detached AND + * = connection is on error OR + * = mux timeout has already fired or is unset + */ + if (!qcc->nb_sc && ((qcc->conn->flags & CO_FL_ERROR) || !qcc->task)) return 1; return 0;