From ebf90ca550a711b8b5f2620c83f51b4461839cd2 Mon Sep 17 00:00:00 2001 From: Christopher Faulet Date: Fri, 10 Nov 2023 17:04:23 +0100 Subject: [PATCH] BUG/MEDIUM: applet: Remove appctx from buffer wait list on release For now, the appctx is removed from the buffer wait list when it is freed. However, when it is released, it is not necessarily freed immediately. But it is detached from the SC. If it is still registered in the buffer wait list, it could then be woken up to get a buffer. At this stage it is totally unexpected, especially because we must access the SC. The fix is obvious, the appctx must be removed from the buffer wait list on release. Note this bug exists because the appctx was moved at the mux level. This patch must be backported as far as 2.6. --- src/applet.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/applet.c b/src/applet.c index 674cf8349..93178ec14 100644 --- a/src/applet.c +++ b/src/applet.c @@ -360,6 +360,9 @@ void appctx_shut(struct appctx *appctx) if (appctx->applet->release) appctx->applet->release(appctx); + if (LIST_INLIST(&appctx->buffer_wait.list)) + LIST_DEL_INIT(&appctx->buffer_wait.list); + se_fl_set(appctx->sedesc, SE_FL_SHRR | SE_FL_SHWN); TRACE_LEAVE(APPLET_EV_RELEASE, appctx); }
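Review bot: The new `LIST_INLIST` / `LIST_DEL_INIT` pair in `appctx_shut()` carries no comment, and the reason for it lives only in the commit message: after release the appctx is detached from the SC but not necessarily freed, so a buffer wakeup at that stage is unexpected because the wakeup path must access the SC. A short comment above the check saying this would keep a later cleanup from dropping it as redundant with the removal already done at free time. It would also help to state why the dequeue sits after the `appctx->applet->release(appctx)` call rather than before it, since the appctx is still on the wait list while that callback runs.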