From 28c531e2a96274958343a20efd5f02b424102401 Mon Sep 17 00:00:00 2001 From: Frederic Lecaille Date: Thu, 21 Aug 2025 10:32:23 +0200 Subject: [PATCH] BUG/MEDIUM: quic-be: crash after backend CID allocation failures This bug impacts only the QUIC backends. It arrived with this commit: MINOR: quic-be: QUIC connection allocation adaptation (qc_new_conn()) which was supposed to be fixed by: BUG/MEDIUM: quic: crash after quic_conn allocation failures but this commit was not sufficient. Such a crash could be reproduced with the -dMfail option. To reach it, the object allocation must fail (from qc_new_conn()). So, this is relatively rare, except on systems with limited memory. No need to backport. --- src/quic_conn.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/quic_conn.c b/src/quic_conn.c index e9be5540e..311598392 100644 --- a/src/quic_conn.c +++ b/src/quic_conn.c @@ -1134,7 +1134,8 @@ struct quic_conn *qc_new_conn(const struct quic_version *qv, int ipv4, qc->cids = NULL; qc->tx.cc_buf_area = NULL; qc_init_fd(qc); - + /* Required to call pool_free() from quic_conn_release() */ + qc->rx.buf.area = NULL; LIST_INIT(&qc->back_refs); LIST_INIT(&qc->el_th_ctx); -- 2.47.2
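Review bot: the new `qc->rx.buf.area = NULL;` in the qc_new_conn() hunk only closes the crash if it runs before every allocation in that function that can jump to the error path and reach quic_conn_release(); the hunk places it next to the other early NULL initializers (`qc->cids = NULL; qc->tx.cc_buf_area = NULL;`) right after `qc_init_fd(qc);`, which is the right neighbourhood, but the surrounding context does not show whether anything between the start of the function and this line can already fail, so please confirm that with the -dMfail reproduction from the commit message that the freed object is now fully initialized at the first possible `goto err`. Two smaller points: the comment "Required to call pool_free() from quic_conn_release()" would be more useful if it said that pool_free() is relied on to accept a NULL pointer for the RX buffer, since that is the invariant the fix depends on; and the hunk replaces the blank line after `qc_init_fd(qc);` with the comment, so consider keeping a blank line there to separate the fd setup from the field initializers, matching the layout of the lines above it.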