From b3ce4644354326616eddc3b701aaba5c7ded36d7 Mon Sep 17 00:00:00 2001
From: Amaury Denoyelle
Date: Wed, 20 Aug 2025 17:16:28 +0200
Subject: [PATCH] BUG/MINOR: mux-quic: do not access conn after idle list insert Once a connection is inserted into the server idle/safe tree during stream detach, it is not accessed anymore by the muxes without idle_conns_lock protection. This is because the connection could have been already stolen by a takeover operation. Adjust QUIC MUX detach implementation to follow the same pattern. Note that, no bug can occur due to takeover as QUIC does not implement it. However, prior to this patch, there may still exist race-conditions with idle connection purging. No backport needed.
---
 src/mux_quic.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/mux_quic.c b/src/mux_quic.c
index ad3eaef9c..af6e4428e 100644
--- a/src/mux_quic.c
+++ b/src/mux_quic.c
@@ -3822,6 +3822,11 @@ static void qmux_strm_detach(struct sedesc *sd)
 goto release;
 }
+ /* At this point, the connection has been added to the
+ * server idle list, so another thread may already have
+ * hijacked it, so we can't do anything with it.
+ */
+ conn = NULL;
 goto end;
 } else if (!conn->hash_node->node.node.leaf_p &&
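Review bot: Clearing the local `conn` before `goto end;` only guards later uses of that one variable; any other handle to the same connection used after the `end` label can still race with idle purging. The `end` label and the rest of `qmux_strm_detach` are outside this hunk, so please confirm that nothing there dereferences the mux context or its streams, and that trace calls there accept a NULL connection. If that holds, I would widen the added comment to say so, for example `* hijacked it, so neither conn nor anything reachable through it may be used from here on.`. Whether the mux context's lifetime is tied to the connection is not visible here, so treat that part as a question rather than a confirmed defect.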