From d6edf7c5f956f6f250daf15d8350832cd483c5c2 Mon Sep 17 00:00:00 2001 From: Frederic Lecaille Date: Thu, 28 Aug 2025 07:58:00 +0200 Subject: [PATCH] BUG/MINOR: mux-quic: trace with non initialized qcc This issue leads to crashes when the QUIC mux traces are enabled and could be reproduced with -dMfail. When the qcc allocation fails (qcc_init()) haproxy crashes into qmux_dump_qcc_info() because ->conn qcc member is initialized: Program terminated with signal SIGSEGV, Segmentation fault. at src/qmux_trace.c:146 146 const struct quic_conn *qc = qcc->conn->handle.qc; [Current thread is 1 (LWP 1448960)] (gdb) p qcc $1 = (const struct qcc *) 0x7f9c63719fa0 (gdb) p qcc->conn $2 = (struct connection *) 0x155550508 (gdb) This patch simply fixes the TRACE() call concerned to avoid object dereferencing when it is NULL. Must be backported as far as 3.0. (cherry picked from commit ffa926ead3f17cd8da773daa137184619bfc1a0a) Signed-off-by: Christopher Faulet (cherry picked from commit 46a8238ca06f28a057658c2dade22ac894c571cf) Signed-off-by: Christopher Faulet (cherry picked from commit cc3c9a786f8eeba582342838014c2c2e29c3b4da) Signed-off-by: Christopher Faulet --- src/mux_quic.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/mux_quic.c b/src/mux_quic.c index cfc1775..92df120 100644 --- a/src/mux_quic.c +++ b/src/mux_quic.c @@ -2910,7 +2910,7 @@ static int qmux_init(struct connection *conn, struct proxy *prx, conn->ctx = NULL; } - TRACE_DEVEL("leaving on error", QMUX_EV_QCC_NEW, conn); + TRACE_DEVEL("leaving on error", QMUX_EV_QCC_NEW, qcc ? conn : NULL); return -1; } -- 1.7.10.4
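Review bot: on the changed TRACE_DEVEL line in the error path of qmux_init(), "qcc ? conn : NULL" only protects the trace if the local qcc is NULL on every path that reaches this point without a fully initialized qcc. The gdb session in the commit message shows a non-NULL qcc inside qmux_dump_qcc_info() whose ->conn holds an invalid pointer, so please confirm that the local pointer is really NULL after the qcc_init() allocation failure, and not only that conn->ctx is cleared in the block just above. A one-line comment above the call saying why conn is withheld when qcc is NULL would keep a later cleanup from reverting it. The commit message also says the ->conn member "is initialized" while the subject says "non initialized"; the two should agree.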