mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2026-03-06 15:41:36 +01:00
Code Issues Projects Releases Wiki Activity

BUG/MINOR: mux-quic: fix crash on qcc_init() early return

Browse Source 
qcc_release() may be used in case qcc_init() cannot complete. In this
case, connection instance is NULL. As such, it cannot be dereferenced
without testing it first.

This should fix github coverity report #2739.

No backport needed.
This commit is contained in:
Amaury Denoyelle 2024-10-02 10:21:02 +02:00
parent cea1379cf1
commit 58b7a72d07
1 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/mux_quic.c
View File

@ -2626,7 +2626,7 @@ static void qcc_release(struct qcc *qcc)
{
struct connection *conn = qcc->conn;
struct eb64_node *node;
struct quic_conn *qc = conn->handle.qc;
struct quic_conn *qc;
TRACE_ENTER(QMUX_EV_QCC_END, conn);
@ -2644,11 +2644,14 @@ static void qcc_release(struct qcc *qcc)
}
/* unsubscribe from all remaining qc_stream_desc */
node = eb64_first(&qc->streams_by_id);
while (node) {
struct qc_stream_desc *stream = eb64_entry(node, struct qc_stream_desc, by_id);
qc_stream_desc_sub_room(stream, NULL);
node = eb64_next(node);
if (conn) {
qc = conn->handle.qc;
node = eb64_first(&qc->streams_by_id);
while (node) {
struct qc_stream_desc *stream = eb64_entry(node, struct qc_stream_desc, by_id);
qc_stream_desc_sub_room(stream, NULL);
node = eb64_next(node);
}
}
tasklet_free(qcc->wait_event.tasklet);