Fix: use after free of a relayd stream
A race could occur with a stream destruction and a control connection
being destroyed emptying its recv_list. A freed stream could still be in
the list thus having a use after free during the connection destroy.
That was triggering undefined behavior from infinite looping to
segmentation faults.
We've observed this issue on high load stress test. A relayd received
all the stream but NOT the streams sent command which empty the list.
This can happen if a start tracing never occured or failed on the
application side thus the close stream command is sent to the relayd
freeing the stream before it is removed from that list.
Signed-off-by: David Goulet <dgoulet@efficios.com>
This page took 0.025722 seconds and 4 git commands to generate.