Mercurial > hg > nginx
comparison src/event/quic/ngx_event_quic_streams.c @ 9210:4ed4e1e7f115
QUIC: fixed stream cleanup (ticket #2586).
Stream connection cleanup handler ngx_quic_stream_cleanup_handler() calls
ngx_quic_shutdown_stream() after which it resets the pointer from quic stream
to the connection (sc->connection = NULL). Previously if this call failed,
sc->connection retained the old value, while the connection was freed by the
application code. This resulted later in a second attempt to close the freed
connection, which lead to allocator double free error.
The fix is to reset the sc->connection pointer in case of error.
| author | Roman Arutyunyan <arut@nginx.com> |
|---|---|
| date | Wed, 14 Feb 2024 15:55:37 +0400 |
| parents | ad3d34ddfdcc |
| children |
comparison
equal
deleted
inserted
replaced
| 9209:1bf1b423f268 | 9210:4ed4e1e7f115 |
|---|---|
| 1095 | 1095 |
| 1096 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, qs->parent->log, 0, | 1096 ngx_log_debug1(NGX_LOG_DEBUG_EVENT, qs->parent->log, 0, |
| 1097 "quic stream id:0x%xL cleanup", qs->id); | 1097 "quic stream id:0x%xL cleanup", qs->id); |
| 1098 | 1098 |
| 1099 if (ngx_quic_shutdown_stream(c, NGX_RDWR_SHUTDOWN) != NGX_OK) { | 1099 if (ngx_quic_shutdown_stream(c, NGX_RDWR_SHUTDOWN) != NGX_OK) { |
| 1100 qs->connection = NULL; | |
| 1100 goto failed; | 1101 goto failed; |
| 1101 } | 1102 } |
| 1102 | 1103 |
| 1103 qs->connection = NULL; | 1104 qs->connection = NULL; |
| 1104 | 1105 |