Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 557d30a33976b5996a9d78fdecb4d327cd0ac4dd^! / .
commit557d30a33976b5996a9d78fdecb4d327cd0ac4dd[log] [tgz]
authorFrédéric Lécaille <flecaille@haproxy.com>Wed Jun 14 18:09:54 2023 +0200
committerWilliam Lallemand <wlallemand@haproxy.org>Thu Jun 22 11:56:25 2023 +0200
tree0f0faf8dbccf470d0501a19d786c0d21973a7264
parente111b72805c382d0dac8bc6f1cf93be4c4ef5e34 [diff]
BUG/MINOR: quic: Possible crash in quic_conn_prx_cntrs_update()

quic_conn_prx_cntrs_update() may be called from quic_conn_release() with
NULL as value for ->prx_counters member. This is the case when qc_new_conn() fails
when allocating <buf_area>. In this case quic_conn_prx_cntrs_update() BUG_ON().

Must be backported as far as 2.7.

(cherry picked from commit c02d898cd13d036e1897daae5e2362ec8705e427)
Signed-off-by: William Lallemand <wlallemand@haproxy.org>

diff --git a/src/quic_conn.c b/src/quic_conn.c
index 319a614..e5fd58b 100644
--- a/src/quic_conn.c
+++ b/src/quic_conn.c

@@ -5716,7 +5716,9 @@
 /* Update the proxy counters of <qc> QUIC connection from its counters */
 static inline void quic_conn_prx_cntrs_update(struct quic_conn *qc)
 {
-	BUG_ON(!qc->prx_counters);
+	if (!qc->prx_counters)
+		return;
+
 	HA_ATOMIC_ADD(&qc->prx_counters->dropped_pkt, qc->cntrs.dropped_pkt);
 	HA_ATOMIC_ADD(&qc->prx_counters->dropped_pkt_bufoverrun, qc->cntrs.dropped_pkt_bufoverrun);
 	HA_ATOMIC_ADD(&qc->prx_counters->dropped_parsing, qc->cntrs.dropped_parsing);