From a0a510f0d2f3d1aebfa241d61ef340b6bc36c8c8 Mon Sep 17 00:00:00 2001
From: Amaury Denoyelle
Date: Mon, 4 May 2026 11:12:08 +0200
Subject: [PATCH] BUG/MINOR: quic: fix trace crash on datagram receive
Recently, datagram reception architecture has been completely reworked to improve performance. A regression has been introduced when using traces in qc_rcv_buf() : datagram argument is uninitialized after recv syscall. This may cause a crash as CIDs buffer is dereferenced. Fix this by removing dgram argument from the affected trace. A new trace is added after quic_dgram_init() to keep the ability to display the received content. This issue has caused failure of all QUIC interop testing. No need to backport.
---
 src/quic_sock.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/quic_sock.c b/src/quic_sock.c
index 291a52153..20f0981f1 100644
--- a/src/quic_sock.c
+++ b/src/quic_sock.c
@@ -217,7 +217,7 @@ struct task *quic_lstnr_dghdlr(struct task *t, void *ctx, unsigned int state)
 return t;
 }
-/* Retrieve the DCID from a QUIC datagram or packet at position,
+/* Retrieve the DCID from a QUIC datagram or packet at position,
 * being at one byte past the end of this datagram.
 * Returns 1 if succeeded, 0 if not.
 */
@@ -855,7 +855,7 @@ int qc_rcv_buf(struct quic_conn *qc)
 b_add(&buf, ret);
- TRACE_DEVEL("read datagram", QUIC_EV_CONN_RCV, qc, new_dgram);
+ TRACE_DEVEL("read datagram", QUIC_EV_CONN_RCV, qc);
 if (!quic_get_dgram_dcid(dgram_buf, dgram_buf + ret, &dcid_off, &dcid_len))
 continue;
@@ -873,6 +873,7 @@ int qc_rcv_buf(struct quic_conn *qc)
 }
 quic_dgram_init(new_dgram, dgram_buf, ret, NULL, dcid_off, dcid_len, &saddr, &daddr);
+ TRACE_DEVEL("datagram ready for parsing", QUIC_EV_CONN_RCV, qc, new_dgram);
 quic_dgram_parse(new_dgram, qc, l ? &l->obj_type : (qc->conn ? &__objt_server(qc->conn->target)->obj_type : NULL));
 } while (ret > 0);
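Review bot: Nothing in the second hunk of qc_rcv_buf() records why the "read datagram" trace must not receive new_dgram, so a later edit could reintroduce the uninitialized read that this commit removes. A short comment above that trace would pin the invariant, for example `/* new_dgram is not initialized before quic_dgram_init(): do not pass it to traces here */`. The allocation of new_dgram is outside the hunk; if it comes from a pool without zeroing, it is worth checking that nothing else touches it on the `continue` path taken when quic_get_dgram_dcid() fails. The trace added in the third hunk sits after quic_dgram_init() and looks safe from what is visible. The body of qc_rcv_buf() starts and ends outside both hunks.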