BUG/MINOR: mux-quic: fix crash with traces in qc_detach()

qc_detach() is used to free a qcs as notified by sedesc. If there is no
more stream active and the connection is considered as dead, it will
then be freed. This prevent to dereference qcc in TRACE macro. Else this
will cause a crash.

Use a different code-path on release for qc_detach() to fix this bug.

This will fix the last occurence of crash on github issue #1808.

This has been introduced by recent QUIC MUX traces rework. Thus, it does
not need to be backport.

diff --git a/src/mux_quic.c b/src/mux_quic.c
index 196f682c2333712206273448a057b584dddf9279..57d7fdb2e3fdfe499a7a842167e159681b0c1ed8 100644 (file)
--- a/src/mux_quic.c
+++ b/src/mux_quic.c
@@ -2099,7 +2099,7 @@ static void qc_detach(struct sedesc *sd)
 
        if (qcc_is_dead(qcc)) {
                TRACE_STATE("killing dead connection", QMUX_EV_STRM_END, qcc->conn);
-               qc_release(qcc);
+               goto release;
        }
        else if (qcc->task) {
                TRACE_DEVEL("refreshing connection's timeout", QMUX_EV_STRM_END, qcc->conn);
@@ -2110,6 +2110,12 @@ static void qc_detach(struct sedesc *sd)
        }
 
        TRACE_LEAVE(QMUX_EV_STRM_END, qcc->conn);
+       return;
+
+ release:
+       qc_release(qcc);
+       TRACE_LEAVE(QMUX_EV_STRM_END);
+       return;
 }
 
 /* Called from the upper layer, to receive data */