From: Frederic Lecaille
Date: Thu, 28 Aug 2025 05:58:00 +0000 (+0200)
Subject: BUG/MINOR: mux-quic: trace with non initialized qcc
X-Git-Tag: v3.0.12~58
X-Git-Url: http://git.haproxy.org/?a=commitdiff_plain;h=d6edf7c5f956f6f250daf15d8350832cd483c5c2;p=haproxy-3.0.git

BUG/MINOR: mux-quic: trace with non initialized qcc

This issue leads to crashes when the QUIC mux traces are enabled and could be reproduced with -dMfail. When the qcc allocation fails (qcc_init()) haproxy crashes into qmux_dump_qcc_info() because ->conn qcc member is initialized:

    Program terminated with signal SIGSEGV, Segmentation fault.
    at src/qmux_trace.c:146
    146 const struct quic_conn *qc = qcc->conn->handle.qc;
    [Current thread is 1 (LWP 1448960)]
    (gdb) p qcc
    $1 = (const struct qcc *) 0x7f9c63719fa0
    (gdb) p qcc->conn
    $2 = (struct connection *) 0x155550508
    (gdb)

This patch simply fixes the TRACE() call concerned to avoid object dereferencing when it is NULL.

Must be backported as far as 3.0.

(cherry picked from commit ffa926ead3f17cd8da773daa137184619bfc1a0a)
Signed-off-by: Christopher Faulet
(cherry picked from commit 46a8238ca06f28a057658c2dade22ac894c571cf)
Signed-off-by: Christopher Faulet
(cherry picked from commit cc3c9a786f8eeba582342838014c2c2e29c3b4da)
Signed-off-by: Christopher Faulet
---
diff --git a/src/mux_quic.c b/src/mux_quic.c index cfc1775..92df120 100644 --- a/src/mux_quic.c +++ b/src/mux_quic.c @@ -2910,7 +2910,7 @@ static int qmux_init(struct connection *conn, struct proxy *prx, conn->ctx = NULL; } - TRACE_DEVEL("leaving on error", QMUX_EV_QCC_NEW, conn); + TRACE_DEVEL("leaving on error", QMUX_EV_QCC_NEW, qcc ? conn : NULL); return -1; }
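Review bot: the new argument `qcc ? conn : NULL` on the TRACE_DEVEL("leaving on error", ...) line tests one pointer and passes a different one, and nothing in the hunk explains the link between them. A short comment above the call would help, saying that the trace handler presumably reaches the qcc through the connection (the commit message shows the crash in qmux_dump_qcc_info() at `qcc->conn->handle.qc`), so conn must not be handed over when no qcc was allocated. It is also worth confirming what happens on error paths that arrive here with a non-NULL qcc: the block just above ends with `conn->ctx = NULL;`, and if the qcc can already be released or detached at that point, the guard should test the state the trace handler actually reads rather than the local variable.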