BUG/MEDIUM: quic-be: crash after backend CID allocation failures

This bug impacts only the QUIC backends. It arrived with this commit:
   MINOR: quic-be: QUIC connection allocation adaptation (qc_new_conn())
which was supposed to be fixed by:
   BUG/MEDIUM: quic: crash after quic_conn allocation failures
but this commit was not sufficient.

Such a crashe could be reproduced with -dMfail option. To reach it, the
<conn_id> object allocation must fail (from qc_new_conn()). So, this is
relatively rare, except on systems with limited memory.

No need to backport.

diff --git a/src/quic_conn.c b/src/quic_conn.c
index e9be5540eb21e316c9ecafa34d5e0ff8e97558af..311598392e2f6874dea4d9854eec73d4591b5d49 100644 (file)
--- a/src/quic_conn.c
+++ b/src/quic_conn.c
@@ -1134,7 +1134,8 @@ struct quic_conn *qc_new_conn(const struct quic_version *qv, int ipv4,
        qc->cids = NULL;
        qc->tx.cc_buf_area = NULL;
        qc_init_fd(qc);
-
+       /* Required to call pool_free() from quic_conn_release() */
+       qc->rx.buf.area = NULL;
        LIST_INIT(&qc->back_refs);
        LIST_INIT(&qc->el_th_ctx);