From 4fb89086059d50bde409feb2920ae848da74a8a2 Mon Sep 17 00:00:00 2001 From: Amaury Denoyelle Date: Thu, 20 Nov 2025 18:14:55 +0100 Subject: [PATCH] BUG/MINOR: mux-quic: fix sedesc leak on BE side On backend side, streams are instantiated prior to their QCS MUX counterpart. Thus, QCS can reuse the stream-endpoint already allocated with the streams, either on qmux_init() or attach operation. However, a stream-endpoint is also always allocated in every qcs_new() invokation. For backend QCS, it is thus overwritten on qmux_init()/attach operation. This causes a memleak. Fix this by restricting allocation of stream-endpoint only for frontend connection. This does not need to be backported. --- src/mux_quic.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/src/mux_quic.c b/src/mux_quic.c index ffbb663ee..947c10609 100644 --- a/src/mux_quic.c +++ b/src/mux_quic.c @@ -194,16 +194,18 @@ static struct qcs *qcs_new(struct qcc *qcc, uint64_t id, enum qcs_type type) tot_time_reset(&qcs->timer.fctl); tot_time_start(&qcs->timer.base); - qcs->sd = sedesc_new(); - if (!qcs->sd) - goto err; - qcs->sd->se = qcs; - qcs->sd->conn = qcc->conn; - se_fl_set(qcs->sd, SE_FL_T_MUX | SE_FL_ORPHAN | SE_FL_NOT_FIRST); - se_expect_no_data(qcs->sd); + if (!conn_is_back(conn)) { + qcs->sd = sedesc_new(); + if (!qcs->sd) + goto err; + qcs->sd->se = qcs; + qcs->sd->conn = qcc->conn; + se_fl_set(qcs->sd, SE_FL_T_MUX | SE_FL_ORPHAN | SE_FL_NOT_FIRST); + se_expect_no_data(qcs->sd); - if (!(global.tune.no_zero_copy_fwd & NO_ZERO_COPY_FWD_QUIC_SND)) - se_fl_set(qcs->sd, SE_FL_MAY_FASTFWD_CONS); + if (!(global.tune.no_zero_copy_fwd & NO_ZERO_COPY_FWD_QUIC_SND)) + se_fl_set(qcs->sd, SE_FL_MAY_FASTFWD_CONS); + } /* Allocate transport layer stream descriptor. Only needed for TX. */ if (!quic_stream_is_uni(id) || !quic_stream_is_remote(qcc, id)) { -- 2.47.3