From cc5b9fa593e139fa330f8c7161ff7514315f2837 Mon Sep 17 00:00:00 2001
From: William Lallemand <wlallemand@haproxy.org>
Date: Tue, 21 Feb 2023 13:41:24 +0100
Subject: [PATCH] BUG/MEDIUM: mworker: don't register mworker_accept_wrapper()
 when master FD is wrong

This patch handles the case where the fd could be -1 when proc_self was
lost for some reason (environment variable corrupted or upgrade from < 1.9).

This could result in a out of bound array access fdtab[-1] and would crash.

Must be backported in every maintained versions.
---
 src/mworker.c |    3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/mworker.c b/src/mworker.c
index e6c8e51..d71bf61 100644
--- a/src/mworker.c
+++ b/src/mworker.c
@@ -470,6 +470,9 @@ static int mworker_sockpair_register_per_thread()
 	if (tid != 0)
 		return 1;
 
+	if (proc_self->ipc_fd[1] < 0) /* proc_self was incomplete and we can't find the socketpair */
+		return 1;
+
 	fd_set_nonblock(proc_self->ipc_fd[1]);
 	/* register the wrapper to handle read 0 when the master exits */
 	fdtab[proc_self->ipc_fd[1]].iocb = mworker_accept_wrapper;
-- 
1.7.10.4