BUG/MINOR: quic: Null packet dereferencing from qc_dup_pkt_frms() trace

This function must duplicate frames be resent from packets. Some of
them are still in flight, others have already been detected as lost.
In this case the original frame ->pkt member is NULL.
Add a trace to distinguish these cases.

Thank you to Tristan for having reported this issue in GH #1808.

Must be backported to 2.6.

diff --git a/src/xprt_quic.c b/src/xprt_quic.c
index 0aad272138771ccd4f11b35344206b2f468d793a..f5dedcab24150b34ffb2a80a80811f3c2788ff91 100644 (file)
--- a/src/xprt_quic.c
+++ b/src/xprt_quic.c
@@ -2355,8 +2355,13 @@ static void qc_dup_pkt_frms(struct quic_conn *qc,
                 */
                origin = frm->origin ? frm->origin : frm;
                TRACE_DEVEL("built probing frame", QUIC_EV_CONN_PRSAFRM, qc, origin);
-               TRACE_DEVEL("duplicated from packet", QUIC_EV_CONN_PRSAFRM,
-                           qc, NULL, &origin->pkt->pn_node.key);
+               if (origin->pkt)
+                       TRACE_DEVEL("duplicated from packet", QUIC_EV_CONN_PRSAFRM,
+                                   qc, NULL, &origin->pkt->pn_node.key);
+               else {
+                       /* <origin> is a frame which was sent from a packet detected as lost. */
+                       TRACE_DEVEL("duplicated from lost packet", QUIC_EV_CONN_PRSAFRM, qc);
+               }
                *dup_frm = *origin;
                dup_frm->pkt = NULL;
                dup_frm->origin = origin;