BUG/MINOR: mux-quic: prevent crash if conn released during IO callback

A qcc instance may be freed in the middle of qc_io_cb() if all streams
were purged. This will lead to a crash as qcc instance is reused after
this step. Jump directly to the end of the function to avoid this.

Note that this bug has not been triggered for the moment. This is a
safety fix to prevent it.

This must be backported up to 2.6.
diff --git a/src/mux_quic.c b/src/mux_quic.c
index d485157..5580d46 100644
--- a/src/mux_quic.c
+++ b/src/mux_quic.c
@@ -1673,6 +1673,7 @@
if (qc_purge_streams(qcc)) {
if (qcc_is_dead(qcc)) {
qc_release(qcc);
+ goto end;
}
else if (qcc->task) {
if (qcc_may_expire(qcc))
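Review bot: The `goto end;` added after `qc_release(qcc);` carries no comment explaining why the rest of the function must be skipped. The reason is only in the commit message: qcc is freed at that point and is reused further down. A one-line comment above the jump, for example `/* qcc is freed, it must not be accessed anymore */`, would keep a later refactor from dropping the jump or from inserting a qcc access between the release and the jump.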
@@ -1685,6 +1686,7 @@
qc_recv(qcc);
+ end:
TRACE_LEAVE(QMUX_EV_QCC_WAKE);
return NULL;
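Review bot: Everything after the `end:` label now also runs on the release path, where qcc has already been freed, and nothing at the label says so. As shown, `TRACE_LEAVE(QMUX_EV_QCC_WAKE);` passes only the event mask and `return NULL;` does not touch qcc, so the landing code is safe today. A short comment at the label stating that qcc may be invalid there would stop someone from later adding qcc or one of its fields as a trace argument.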