From: Amaury Denoyelle <adenoyelle@haproxy.com>
Date: Tue, 26 May 2026 12:25:32 +0000 (+0200)
Subject: BUG/MINOR: qmux: do not crash on frame parsing issue
X-Git-Tag: v3.4-dev14~11
X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=2c0e633f6b00ef4cde0e0bc1a10d72fd4f9b6e65;p=thirdparty%2Fhaproxy.git

BUG/MINOR: qmux: do not crash on frame parsing issue

Ensure frame parsing error does not cause a crash by removing the
associated BUG_ON()/ABORT_NOW().

For now, connection is flagged on error, which ensures that any
send/receive future operations are prevented and connection is closed
asap. In the future, a proper CONNECTION_CLOSE will be required as
defined by QMux protocol.

No need to backport.
---

diff --git a/src/qcm_qmux.c b/src/qcm_qmux.c
index 801ad3e10..da55f1767 100644
--- a/src/qcm_qmux.c
+++ b/src/qcm_qmux.c
@@ -188,11 +188,10 @@ int qcc_qmux_recv(struct qcc *qcc)
 			buf_rec = b_make(b_orig(buf), b_size(buf),
 			                 b_head_ofs(buf), qcc->rx.rlen);
 			frm_ret = qmux_parse_frm(qcc, &buf_rec);
-
-			BUG_ON(frm_ret < 0); /* TODO handle fatal errors */
 			if (!frm_ret) {
-				/* emit FRAME_ENCODING_ERROR */
-				ABORT_NOW();
+				/* TODO implement proper connection closure */
+				conn->flags |= CO_FL_ERROR;
+				goto out;
 			}
 
 			/* A frame cannot be bigger than a record thanks to <buf_rec> delimitation. */