[PATCH 3 of 4] QUIC: fixed stream cleanup (ticket #2586)
Maxim Dounin
mdounin at mdounin.ru
Mon Feb 19 00:04:09 UTC 2024
# HG changeset patch
# User Roman Arutyunyan <arut at nginx.com>
# Date 1707911737 -14400
# Wed Feb 14 15:55:37 2024 +0400
# Node ID 4ed4e1e7f115cd48ee891d7cae172d5745e38e00
# Parent 1bf1b423f26853d0453ee30fa4ed4467ea05af7c
QUIC: fixed stream cleanup (ticket #2586).

Stream connection cleanup handler ngx_quic_stream_cleanup_handler() calls
ngx_quic_shutdown_stream() after which it resets the pointer from quic stream
to the connection (sc->connection = NULL). Previously if this call failed,
sc->connection retained the old value, while the connection was freed by the
application code. This resulted later in a second attempt to close the freed
connection, which led to allocator double free error.

The fix is to reset the sc->connection pointer in case of error.

diff --git a/src/event/quic/ngx_event_quic_streams.c b/src/event/quic/ngx_event_quic_streams.c
--- a/src/event/quic/ngx_event_quic_streams.c
+++ b/src/event/quic/ngx_event_quic_streams.c
@@ -1097,6 +1097,7 @@ ngx_quic_stream_cleanup_handler(void *da
"quic stream id:0x%xL cleanup", qs->id);
if (ngx_quic_shutdown_stream(c, NGX_RDWR_SHUTDOWN) != NGX_OK) {
+ qs->connection = NULL;
goto failed;
}
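Review bot: The added `qs->connection = NULL;` in the error branch of ngx_quic_shutdown_stream() duplicates the reset that, per the commit message, already follows the successful call, so the invariant "pointer is cleared once the handler runs" now depends on two separate assignments. If the success path also passes through the `failed` label, clearing the pointer once there would cover both cases and any future `goto failed` added to this handler; otherwise a one-line comment at this assignment saying that the application frees the connection after cleanup would explain why the stale pointer must not survive the error path. The commit message names the pointer sc->connection while the code uses qs->connection; using the same name in the log would make it easier to match against the source.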