From a8a60432406d7bfd06975e087650a8817c03fcf6 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?= Date: Tue, 23 Aug 2022 11:42:48 +0200 Subject: [PATCH] BUG/MINOR: quic: Wrong list_for_each_entry() use when building packets from qc_do_build_pkt() This is list_for_each_entry_safe() which must be used if we want to delete elements inside its code block. This could explain that some frames which were not built were added to packets with a NULL ->pkt member. Thank you to Tristan for having reported this issue through backtraces in GH #1808 Must be backported to 2.6. --- src/xprt_quic.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/xprt_quic.c b/src/xprt_quic.c index 0a0ab358cb..4f2a2ea050 100644 --- a/src/xprt_quic.c +++ b/src/xprt_quic.c @@ -6830,7 +6830,8 @@ static int qc_do_build_pkt(unsigned char *pos, const unsigned char *end, /* Ack-eliciting frames */ if (!LIST_ISEMPTY(&frm_list)) { - list_for_each_entry(cf, &frm_list, list) { + struct quic_frame *tmp_cf; + list_for_each_entry_safe(cf, tmp_cf, &frm_list, list) { unsigned char *spos = pos; if (!qc_build_frm(&spos, end, cf, pkt, qc)) { -- 2.47.3