From: Willy Tarreau Date: Mon, 15 Oct 2018 09:08:55 +0000 (+0200) Subject: BUG/MEDIUM: stream: don't crash on out-of-memory X-Git-Tag: v1.9-dev4~47 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e5f229e6392fd54aaba7fe58f457723c16b9d15f;p=thirdparty%2Fhaproxy.git BUG/MEDIUM: stream: don't crash on out-of-memory In case pool_alloc() fails in stream_new(), we try to detach the stream from the list before it has been added, dereferencing a NULL. In order to fix it, simply move the LIST_DEL call upwards. This must be backported to 1.8. --- diff --git a/src/stream.c b/src/stream.c index a57879d861..42a6c48c97 100644 --- a/src/stream.c +++ b/src/stream.c @@ -289,10 +289,10 @@ struct stream *stream_new(struct session *sess, enum obj_type *origin) flt_stream_release(s, 0); task_free(t); tasklet_free(s->si[1].wait_event.task); + LIST_DEL(&s->list); out_fail_alloc_si1: tasklet_free(s->si[0].wait_event.task); out_fail_alloc: - LIST_DEL(&s->list); pool_free(pool_head_stream, s); return NULL; }
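Review bot: The new position of LIST_DEL(&s->list), directly above the out_fail_alloc_si1 label, is only correct if the stream is already linked into the list on every failure path that reaches this line, and not yet linked at the points that jump to out_fail_alloc_si1 or out_fail_alloc. The hunk's context does not show where the stream is added to the list. A short comment at the LIST_DEL line naming that insertion point would keep a later reordering of the allocations in stream_new() from reintroducing the NULL dereference described in the commit message. Separately, if out_fail_alloc is also the target when the allocation of s itself fails, pool_free(pool_head_stream, s) is called with a NULL s, so it is worth confirming that pool_free() accepts NULL.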