mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2026-02-03 16:31:08 +01:00
While the SI_ST_DIS state is set *after* doing the close on a connection, it was set *before* calling release on an applet. Applets have no internal flags contrary to connections, so they have no way to detect they were already released. Because of this it happened that applets were closed twice, once via si_applet_release() and once via si_release_endpoint() at the end of a transaction. The CLI applet could perform a double free in this case, though the situation to cause it is quite hard because it requires that the applet is stuck on output in states that produce very few data.

In order to solve this, we now assign the SI_ST_DIS state *after* calling ->release, and we refrain from doing so if the state is already assigned. This makes applets work much more like connections and definitely avoids this double release.

In the future it might be worth making applets have their own flags like connections to carry their own state regardless of the stream interface's state, especially when dealing with connection reuse.

No backport is needed since this issue was caused by the rearchitecture in 1.6.
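
The double-release pattern described in the commit message above, reduced to a toy model. This is an added example, not HAProxy code and not part of the commit: every name (`stream_if`, `cli_release`, `si_teardown`, `count_releases`) is hypothetical, and the guard reflects one reading of "call ->release first, set the closed state after, skip if the state is already set".

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy model; all names are hypothetical, not HAProxy's structures. */
enum si_state { ST_EST, ST_DIS };

struct applet_ctx { char *buf; };

struct stream_if {
    enum si_state state;
    struct applet_ctx *ctx;
    void (*release)(struct stream_if *si);
    int release_calls;                 /* instrumentation for the demo */
};

/* Applet callback: it has no flag of its own to tell it already ran.
 * The pointer is cleared only so the unguarded run stays harmless here;
 * a callback that did not clear it would free the buffer twice. */
static void cli_release(struct stream_if *si)
{
    si->release_calls++;
    free(si->ctx->buf);
    si->ctx->buf = NULL;
}

/* Teardown: call ->release first, mark ST_DIS afterwards.
 * With guarded != 0, a stream interface already in ST_DIS is skipped. */
static void si_teardown(struct stream_if *si, int guarded)
{
    if (guarded && si->state == ST_DIS)
        return;
    if (si->release)
        si->release(si);
    si->state = ST_DIS;
}

/* Two teardown paths reach the same applet, as at the end of a transaction. */
static int count_releases(int guarded)
{
    struct applet_ctx ctx = { malloc(64) };
    struct stream_if si = { ST_EST, &ctx, cli_release, 0 };
    si_teardown(&si, guarded);         /* first path  */
    si_teardown(&si, guarded);         /* second path */
    return si.release_calls;
}

int main(void)
{
    printf("unguarded: %d release calls\n", count_releases(0));
    printf("guarded:   %d release calls\n", count_releases(1));
    return 0;
}
```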