BUG/MINOR: quic: consume Rx datagram even on error

A BUG_ON crash can occur on qc_rcv_buf() if a Rx packet allocation
failed.

To fix this, datagram are marked as consumed even if a fatal error
occured during parsing. For the moment, only a Rx packet allocation
failure could provoke this. At this stage, it's unknown if the datagram
were partially parsed or not at all so it's better to discard it
completely.

This bug was detected using -dMfail argument.

This should be backported up to 2.7.

diff --git a/src/quic_conn.c b/src/quic_conn.c
index 8a0647405cbaa176392dbf3a5948853ccae0629b..314c978c4eb505aa6a29bdb20b237f678da88684 100644 (file)
--- a/src/quic_conn.c
+++ b/src/quic_conn.c
@@ -8252,6 +8252,8 @@ int quic_dgram_parse(struct quic_dgram *dgram, struct quic_conn *from_qc,
        return 0;
 
  err:
+       /* Mark this datagram as consumed as maybe at least some packets were parsed. */
+       HA_ATOMIC_STORE(&dgram->buf, NULL);
        TRACE_LEAVE(QUIC_EV_CONN_LPKT);
        return -1;
 }