BUG/MINOR: mux-h1: Fix trace message in h1_detroy() to not relay on connection

h1_destroy() may be called to release a H1C after a multiplexer upgrade. In
that case, the connection is no longer attached to the H1C. It must not be
used in the h1 trace message because the connection context is no longer a H1C.

Because of this bug, when a H1>H2 upgrade is performed, a crash may be
experienced if the H1 traces are enabled.

This patch must be backport to all stable versions.

(cherry picked from commit 7dc4e94830ef8fe9b0ffc2901d63b9f3183ed12c)
Signed-off-by: Willy Tarreau <w@1wt.eu>

diff --git a/src/mux_h1.c b/src/mux_h1.c
index de862b5..8efaa0f 100644 (file)
--- a/src/mux_h1.c
+++ b/src/mux_h1.c
@@ -4426,7 +4426,7 @@ static void h1_destroy(void *ctx)
 {
        struct h1c *h1c = ctx;
 
-       TRACE_POINT(H1_EV_H1C_END, h1c->conn);
+       TRACE_POINT(H1_EV_H1C_END);
        if (!h1c->h1s || h1c->conn->ctx != h1c)
                h1_release(h1c);
 }