From e35463c767d693d24fc26b6575749e8594e56204 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20L=C3=A9caille?=
Date: Sat, 27 Aug 2022 10:19:42 +0200
Subject: [PATCH] BUG/MINOR: quic: Null packet dereferencing from qc_dup_pkt_frms() trace

This function must duplicate frames be resent from packets. Some of them are still in flight, others have already been detected as lost. In this case the original frame ->pkt member is NULL. Add a trace to distinguish these cases. Thank you to Tristan for having reported this issue in GH #1808. Must be backported to 2.6.
---
 src/xprt_quic.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/xprt_quic.c b/src/xprt_quic.c
index 0aad27213..f5dedcab2 100644
--- a/src/xprt_quic.c
+++ b/src/xprt_quic.c
@@ -2355,8 +2355,13 @@ static void qc_dup_pkt_frms(struct quic_conn *qc,
 */
 origin = frm->origin ? frm->origin : frm;
 TRACE_DEVEL("built probing frame", QUIC_EV_CONN_PRSAFRM, qc, origin);
- TRACE_DEVEL("duplicated from packet", QUIC_EV_CONN_PRSAFRM,
- qc, NULL, &origin->pkt->pn_node.key);
+ if (origin->pkt)
+ TRACE_DEVEL("duplicated from packet", QUIC_EV_CONN_PRSAFRM,
+ qc, NULL, &origin->pkt->pn_node.key);
+ else {
+ /* is a frame which was sent from a packet detected as lost. */
+ TRACE_DEVEL("duplicated from lost packet", QUIC_EV_CONN_PRSAFRM, qc);
+ }
 *dup_frm = *origin;
 dup_frm->pkt = NULL;
 dup_frm->origin = origin;
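Review bot: The new `if (origin->pkt)` is left unbraced while its `else` is braced, and its body is a two-line `TRACE_DEVEL` macro call whose expansion is not visible here; bracing both arms (`if (origin->pkt) {` and `} else {`) keeps the if/else pairing independent of how the macro expands. The comment in the else arm reads without a subject as shown, and something like `/* origin was sent in a packet since detected as lost, so its ->pkt is NULL */` would state the invariant the check relies on. The preceding "built probing frame" trace still hands `origin` to the trace handler, so it is worth confirming that the handler for `QUIC_EV_CONN_PRSAFRM` does not itself follow `->pkt` on that frame. The body of qc_dup_pkt_frms starts and ends outside the hunk.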