From 50fe00650f5a874a69a321ff371f8b2ee6f61403 Mon Sep 17 00:00:00 2001
From: Amaury Denoyelle <adenoyelle@haproxy.com>
Date: Thu, 11 May 2023 16:52:48 +0200
Subject: [PATCH] BUG/MINOR: quic: do not alloc buf count on alloc failure

The total number of buffer per connection for sending is limited by a
configuration value. To ensure this, <stream_buf_count> quic_conn field
is incremented on qc_stream_buf_alloc().

qc_stream_buf_alloc() may fail if the buffer cannot be allocated. In
this case, <stream_buf_count> should not be incremented. To fix this,
simply move increment operation after buffer allocation.

The impact of this bug is low. However, if a connection suffers from
several buffer allocation failure, it may cause the <stream_buf_count>
to be incremented over the limit without being able to go back down.

This must be backported up to 2.6.
---
 src/quic_stream.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/quic_stream.c b/src/quic_stream.c
index a984ce906..ef9ebcd68 100644
--- a/src/quic_stream.c
+++ b/src/quic_stream.c
@@ -241,13 +241,13 @@ struct buffer *qc_stream_buf_alloc(struct qc_stream_desc *stream,
 	if (!qc_stream_buf_avail(qc))
 		return NULL;
 
-	++qc->stream_buf_count;
-
 	stream->buf_offset = offset;
 	stream->buf = pool_alloc(pool_head_quic_stream_buf);
 	if (!stream->buf)
 		return NULL;
 
+	++qc->stream_buf_count;
+
 	stream->buf->buf = BUF_NULL;
 	LIST_APPEND(&stream->buf_list, &stream->buf->list);