From: Olivier Houchard Date: Wed, 29 May 2019 14:44:17 +0000 (+0200) Subject: BUG/MEDIUM: h2: Don't forget to set h2s->cs to NULL after having free'd cs. X-Git-Tag: v2.0-dev5~8 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=58d87f31f7391d419182d61743bbe82524f8fd5a;p=thirdparty%2Fhaproxy.git BUG/MEDIUM: h2: Don't forget to set h2s->cs to NULL after having free'd cs. In h2c_frt_stream_new, if we failed to create the stream for some reason, don't forget to set h2s->cs to NULL before calling h2s_destroy(), otherwise h2s_destroy() will call h2s_close(), which will attempt to access h2s->cs->flags if it's non-NULL. This should be backported to 1.9. --- diff --git a/src/mux_h2.c b/src/mux_h2.c index 8b8135d1a1..557a158cab 100644 --- a/src/mux_h2.c +++ b/src/mux_h2.c @@ -1027,6 +1027,7 @@ static struct h2s *h2c_frt_stream_new(struct h2c *h2c, int id) out_free_cs: h2c->nb_cs--; cs_free(cs); + h2s->cs = NULL; out_close: h2s_destroy(h2s); out:
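Review bot: the added `h2s->cs = NULL;` under `out_free_cs:` carries no comment, and nothing at that spot says why the pointer has to be cleared before falling through to `out_close:`. The reason exists only in the commit message: `h2s_destroy()` calls `h2s_close()`, which reads `h2s->cs->flags` whenever `h2s->cs` is non-NULL, so a pointer left dangling after `cs_free(cs)` becomes a use-after-free read. A one-line comment above the assignment, for example `/* h2s_destroy() -> h2s_close() dereferences h2s->cs if set */`, would keep a later cleanup from removing it as redundant. The hunk shows only the tail of `h2c_frt_stream_new()`, so it is also worth confirming that any path jumping straight to `out_close:` reaches `h2s_destroy(h2s)` with `h2s->cs` either NULL or still valid, because those paths skip this assignment.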