From: Amaury Denoyelle Date: Wed, 19 Apr 2023 15:58:39 +0000 (+0200) Subject: BUG/MINOR: mux-quic: fix crash with app ops install failure X-Git-Tag: v2.8-dev8~78 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ed820823f0857af6a3d792ccb2a3d39bee86d401;p=thirdparty%2Fhaproxy.git BUG/MINOR: mux-quic: fix crash with app ops install failure On MUX initialization, the application layer is setup via qcc_install_app_ops(). If this function fails MUX is deallocated and an error is returned. This code path causes a crash before connection has been registered prior into the mux_stopping_data::list for stopping idle frontend conns. To fix this, insert the connection later in qc_init() once no error can occured. The crash was seen on the process closing with SUGUSR1 with a segfault on mux_stopping_process(). This was reproduced using -dMfail. This regression was introduced by the following patch : commit b4d119f0c75ce7c5a977ece18dc975e14f9b460c BUG/MEDIUM: mux-quic: fix crash on H3 SETTINGS emission This should be backported up to 2.7. --- diff --git a/src/mux_quic.c b/src/mux_quic.c index 291f4b3bbb..a74aa95809 100644 --- a/src/mux_quic.c +++ b/src/mux_quic.c @@ -2379,13 +2379,6 @@ static int qc_init(struct connection *conn, struct proxy *prx, qcc_reset_idle_start(qcc); LIST_INIT(&qcc->opening_list); - if (!conn_is_back(conn)) { - if (!LIST_INLIST(&conn->stopping_list)) { - LIST_APPEND(&mux_stopping_data[tid].list, - &conn->stopping_list); - } - } - HA_ATOMIC_STORE(&conn->handle.qc->qcc, qcc); if (qcc_install_app_ops(qcc, conn->handle.qc->app_ops)) { @@ -2398,6 +2391,10 @@ static int qc_init(struct connection *conn, struct proxy *prx, if (qcc->app_ops == &h3_ops) proxy_inc_fe_cum_sess_ver_ctr(sess->listener, prx, 3); + /* Register conn for idle front closing. This is done once everything is allocated. */ + if (!conn_is_back(conn)) + LIST_APPEND(&mux_stopping_data[tid].list, &conn->stopping_list); + /* init read cycle */ tasklet_wakeup(qcc->wait_event.tasklet);