From: Amaury Denoyelle Date: Mon, 19 May 2025 09:02:46 +0000 (+0200) Subject: BUG/MINOR: quic: fix crash on quic_conn alloc failure X-Git-Tag: v3.2-dev17~28 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d358da4d83789ac86d3631dd6552a898dec1338b;p=thirdparty%2Fhaproxy.git BUG/MINOR: quic: fix crash on quic_conn alloc failure If there is an alloc failure during qc_new_conn(), cleaning is done via quic_conn_release(). However, since the below commit, an unchecked dereferencing of is performed in the latter. e841164a4402118bd7b2e2dc2b5068f21de5d9d2 MINOR: quic: account for global congestion window To fix this, simply check before dereferencing it in quic_conn_release(). This is safe as it is properly initialized to NULL on qc_new_conn() first stage. This does not need to be backported. --- diff --git a/src/quic_conn.c b/src/quic_conn.c index 5b04dbfc1..5feda3b3e 100644 --- a/src/quic_conn.c +++ b/src/quic_conn.c @@ -1448,8 +1448,10 @@ int quic_conn_release(struct quic_conn *qc) } /* Substract last congestion window from global memory counter. */ - cshared_add(&quic_mem_diff, -qc->path->cwnd); - qc->path->cwnd = 0; + if (qc->path) { + cshared_add(&quic_mem_diff, -qc->path->cwnd); + qc->path->cwnd = 0; + } /* free remaining stream descriptors */ node = eb64_first(&qc->streams_by_id);
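Review bot: the new `if (qc->path)` guard in quic_conn_release() carries no comment explaining why `qc->path` can be NULL at this point. The commit message gives the reason (the release path is reached from an allocation failure in qc_new_conn(), where the field is still at its initial NULL), but a reader of the code alone will not see it. Suggest extending the existing comment above the block to say that path may be unset when qc_new_conn() failed early, and correcting "Substract" to "Subtract" in that same comment while it is being edited. The hunk shows only this one use of `qc->path`; any other dereference further down in quic_conn_release() would need the same check on the failure path, which cannot be confirmed from the lines shown here.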