From a65dd3a2c891514313c5e19a507f79f37a90506d Mon Sep 17 00:00:00 2001 From: Amaury Denoyelle Date: Wed, 19 Apr 2023 14:26:16 +0200 Subject: [PATCH] BUG/MINOR: quic: consume Rx datagram even on error A BUG_ON crash can occur on qc_rcv_buf() if a Rx packet allocation failed. To fix this, datagrams are marked as consumed even if a fatal error occurred during parsing. For the moment, only a Rx packet allocation failure could provoke this. At this stage, it's unknown if the datagram was partially parsed or not at all so it's better to discard it completely. This bug was detected using -dMfail argument. This should be backported up to 2.7. --- src/quic_conn.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/quic_conn.c b/src/quic_conn.c index 8a0647405..314c978c4 100644 --- a/src/quic_conn.c +++ b/src/quic_conn.c @@ -8252,6 +8252,8 @@ int quic_dgram_parse(struct quic_dgram *dgram, struct quic_conn *from_qc, return 0; err: + /* Mark this datagram as consumed as maybe at least some packets were parsed. */ + HA_ATOMIC_STORE(&dgram->buf, NULL); TRACE_LEAVE(QUIC_EV_CONN_LPKT); return -1; }
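Review bot: The comment added under the `err:` label in quic_dgram_parse() gives a reason ("maybe at least some packets were parsed") that is weaker than the one in the commit message, which says the parse state is unknown after a fatal error and the datagram is therefore discarded completely. I would reword it to state that directly, for example `/* Fatal error: parsing state is unknown, discard the whole datagram by marking it consumed. */`, so a later reader does not take the store for an optimisation that can be dropped. Because any packets still unparsed in this datagram are now dropped on this path and the only trace left is `TRACE_LEAVE(QUIC_EV_CONN_LPKT)`, an error-level trace before the store would make the drop visible when diagnosing allocation failures such as the -dMfail runs mentioned in the message.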