From cc9827bb0999dbba1f8542d8dd05bc2c57ad1f1d Mon Sep 17 00:00:00 2001 From: Amaury Denoyelle Date: Fri, 10 May 2024 10:42:07 +0200 Subject: [PATCH] BUG/MEDIUM: mux-quic: fix crash on STOP_SENDING received without SD Abort reason code received on STOP_SENDING is notified to upper layer since the following commit : 367ce1ebf3e4cead319a9f01581037c9f0280e77 MINOR: mux-quic: Set tha SE abort reason when a STOP_SENDING frame is received However, this causes a crash when a STOP_SENDING is received on a QCS instance without any stream instantiated. Fix this by checking first if qcs->sd is not NULL before setting abort code. This bug can easily be reproduced by emitting a STOP_SENDING as first frame of a stream. This should fix github issue #2563. This does not need to be backported.
---
 src/mux_quic.c | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/src/mux_quic.c b/src/mux_quic.c
index b7f3f9ca26..b90077b04e 100644
--- a/src/mux_quic.c
+++ b/src/mux_quic.c
@@ -1585,18 +1585,18 @@ int qcc_recv_stop_sending(struct qcc *qcc, uint64_t id, uint64_t err)
 }
 }
 
- /* If FIN already reached, future RESET_STREAMS will be ignored.
- * Manually set EOS in this case.
- */
- if (qcs_sc(qcs) && se_fl_test(qcs->sd, SE_FL_EOI)) {
- se_fl_set(qcs->sd, SE_FL_EOS);
- qcs_alert(qcs);
- }
+ if (qcs_sc(qcs)) {
+ /* Manually set EOS if FIN already reached as futures RESET_STREAM will be ignored in this case. */
+ if (se_fl_test(qcs->sd, SE_FL_EOI)) {
+ se_fl_set(qcs->sd, SE_FL_EOS);
+ qcs_alert(qcs);
+ }
 
- /* If not defined yet, set abort info for the sedesc */
- if (!qcs->sd->abort_info.info) {
- qcs->sd->abort_info.info = (SE_ABRT_SRC_MUX_QUIC << SE_ABRT_SRC_SHIFT);
- qcs->sd->abort_info.code = err;
+ /* If not defined yet, set abort info for the sedesc */
+ if (!qcs->sd->abort_info.info) {
+ qcs->sd->abort_info.info = (SE_ABRT_SRC_MUX_QUIC << SE_ABRT_SRC_SHIFT);
+ qcs->sd->abort_info.code = err;
+ }
 }
 
 /* RFC 9000 3.5. Solicited State Transitions
-- 
2.39.5
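Review bot: The new outer guard tests `qcs_sc(qcs)`, yet every access inside the block dereferences `qcs->sd`, and the commit message describes the fix as a check that `qcs->sd` is not NULL; nothing in the hunk shows that a non-NULL return from qcs_sc() implies a non-NULL `qcs->sd`. Because the STOP_SENDING frame and its `err` code come from the peer and the crash was reachable with it as the first frame of a stream, the invariant deserves to be written down at the guard, for example `/* qcs_sc() is non-NULL only when qcs->sd is attached, so qcs->sd may be dereferenced below */`, or the condition should test `qcs->sd` explicitly if that invariant is not guaranteed. If a sedesc can exist without a stream connector, the abort code is now silently not recorded in that state, which should be confirmed as intended. The comment on the EOS branch also reads "futures RESET_STREAM" where "future RESET_STREAM frames" is meant. The body of qcc_recv_stop_sending starts and ends outside the hunk, so earlier NULL checks on `qcs` itself are not visible here.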