From: Frédéric Lécaille Date: Sat, 27 Aug 2022 08:19:42 +0000 (+0200) Subject: BUG/MINOR: quic: Null packet dereferencing from qc_dup_pkt_frms() trace X-Git-Tag: v2.7-dev5~50 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=e35463c767d693d24fc26b6575749e8594e56204;p=thirdparty%2Fhaproxy.git BUG/MINOR: quic: Null packet dereferencing from qc_dup_pkt_frms() trace This function must duplicate frames be resent from packets. Some of them are still in flight, others have already been detected as lost. In this case the original frame ->pkt member is NULL. Add a trace to distinguish these cases. Thank you to Tristan for having reported this issue in GH #1808. Must be backported to 2.6. --- diff --git a/src/xprt_quic.c b/src/xprt_quic.c index 0aad272138..f5dedcab24 100644 --- a/src/xprt_quic.c +++ b/src/xprt_quic.c @@ -2355,8 +2355,13 @@ static void qc_dup_pkt_frms(struct quic_conn *qc, */ origin = frm->origin ? frm->origin : frm; TRACE_DEVEL("built probing frame", QUIC_EV_CONN_PRSAFRM, qc, origin); - TRACE_DEVEL("duplicated from packet", QUIC_EV_CONN_PRSAFRM, - qc, NULL, &origin->pkt->pn_node.key); + if (origin->pkt) + TRACE_DEVEL("duplicated from packet", QUIC_EV_CONN_PRSAFRM, + qc, NULL, &origin->pkt->pn_node.key); + else { + /* is a frame which was sent from a packet detected as lost. */ + TRACE_DEVEL("duplicated from lost packet", QUIC_EV_CONN_PRSAFRM, qc); + } *dup_frm = *origin; dup_frm->pkt = NULL; dup_frm->origin = origin;