git.ipfire.org Git - thirdparty/haproxy.git/commit

author	Tristan Madani <tristan@talencesecurity.com>
	Tue, 16 Jun 2026 08:42:10 +0000 (10:42 +0200)
committer	Amaury Denoyelle <adenoyelle@haproxy.com>
	Tue, 16 Jun 2026 15:03:14 +0000 (17:03 +0200)
commit	9a6d1fe3f00d86ab4ea6ea6ea0a5d48fc058a513
tree	0dd301443331c684f856e035fc15ada977ca0428	tree \| snapshot
parent	8e1c51378e9949ae5f87a0cd107d9f388b0ba5c0	commit \| diff

BUG/MINOR: hpack-tbl: add missing NULL check after hpack_dht_defrag()

hpack_dht_insert() has three call sites for hpack_dht_defrag(). Two of
them (lines 293 and 306) correctly check for a NULL return and bail out
with -1. The third (line 353, data-space defrag path) assigns the return
value to dht and immediately dereferences it without a NULL check.

When pool_head_hpack_tbl is exhausted, hpack_dht_alloc() returns NULL,
hpack_dht_defrag() propagates it, and line 354 dereferences NULL+0x0a
(offsetof wrap), crashing the worker with SIGSEGV.

Add a NULL check consistent with the two other call sites.

This must be backported to all stable versions.

Reported-by: Tristan (@TristanInSec)