BUG/MINOR: quic: fix crash on quic_conn alloc failure

a-denoyelle · a-denoyelle · commit d358da4d8378 · 2025-05-19T11:03:48.000+02:00
If there is an alloc failure during qc_new_conn(), cleaning is done via quic_conn_release(). However, since the below commit, an unchecked dereferencing of <qc.path> is performed in the latter. e841164 MINOR: quic: account for global congestion window To fix this, simply check <qc.path> before dereferencing it in quic_conn_release(). This is safe as it is properly initialized to NULL on qc_new_conn() first stage. This does not need to be backported.
diff --git a/src/quic_conn.c b/src/quic_conn.c
@@ -1448,8 +1448,10 @@ int quic_conn_release(struct quic_conn *qc)
 	}
 
 	/* Substract last congestion window from global memory counter. */
-	cshared_add(&quic_mem_diff, -qc->path->cwnd);
-	qc->path->cwnd = 0;
+	if (qc->path) {
+		cshared_add(&quic_mem_diff, -qc->path->cwnd);
+		qc->path->cwnd = 0;
+	}
 
 	/* free remaining stream descriptors */
 	node = eb64_first(&qc->streams_by_id);
