From 6133aba8896a939d16c2077ff25140651909192b Mon Sep 17 00:00:00 2001
From: Amaury Denoyelle <adenoyelle@haproxy.com>
Date: Mon, 15 May 2023 09:35:59 +0200
Subject: [PATCH] BUG/MINOR: h3: missing goto on buf alloc failure

The following patch introduced proper error management on buffer
allocation failure :
  0abde9dee69fe151f5f181a34e0782ef840abe53
  BUG/MINOR: mux-quic: properly handle buf alloc failure

However, when decoding an empty STREAM frame with just FIN bit set, this
was not done correctly. Indeed, there is a missing goto statement in
case of a NULL buffer check.

This was reported thanks to coverity analysis. This should fix github
issue #2163.

This must be backported up to 2.6.
---
 src/h3.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/h3.c b/src/h3.c
index 99c2d7647..50e6b4f81 100644
--- a/src/h3.c
+++ b/src/h3.c
@@ -1061,6 +1061,7 @@ static ssize_t h3_decode_qcs(struct qcs *qcs, struct buffer *b, int fin)
 		if (!(appbuf = qc_get_buf(qcs, &qcs->rx.app_buf))) {
 			TRACE_ERROR("data buffer alloc failure", H3_EV_RX_FRAME, qcs->qcc->conn, qcs);
 			h3c->err = H3_INTERNAL_ERROR;
+			goto err;
 		}
 
 		htx = htx_from_buf(appbuf);