Skip to content

Fix double deref in connection pool error path #5597

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Nov 19, 2025
Merged

Fix double deref in connection pool error path #5597

merged 4 commits into from
Nov 19, 2025

Conversation

@guhetier
Copy link
Collaborator

@guhetier guhetier commented Nov 18, 2025
edited
Loading

Description

When creating a connection pool, if a QuicConnStart fails:

  • the connection was marked as ExternalOwner to prevent it from sending notification to the app
    • but this also mean that the closing logic will take care of releasing the owner refcount, since the application is not the owner yet
  • the connection was closed using MsQuicConnectionClose, which release the refcount of the application

This caused a double release, triggering an assertion.

We should not call APIs from internal call (it makes logging confusing and breaks some assumptions), so queue the connection close manually instead.

Fixes #5550.

Testing

C/I.
Need to consider if there is a simply way to deterministically test the connection pool failure paths.

Documentation

N/A

@guhetier guhetier requested a review from a team as a code owner November 18, 2025 01:55
@guhetier guhetier requested a review from anrossi November 18, 2025 01:55
github-advanced-security[bot]
github-advanced-security bot found potential problems Nov 18, 2025
View reviewed changes
mtfriesen
mtfriesen reviewed Nov 18, 2025
View reviewed changes
mtfriesen
mtfriesen reviewed Nov 18, 2025
View reviewed changes
@guhetier guhetier closed this Nov 19, 2025
@guhetier guhetier reopened this Nov 19, 2025
@codecov
Copy link

codecov bot commented Nov 19, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 4.54545% with 21 lines in your changes missing coverage. Please review.
✅ Project coverage is 85.15%. Comparing base (d3d182c) to head (5e8f7bb).
⚠️ Report is 3 commits behind head on main.

Files with missing lines Patch % Lines
src/core/connection_pool.c 4.54% 21 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #5597      +/-   ##
==========================================
+ Coverage   84.81%   85.15%   +0.33%     
==========================================
  Files          60       60              
  Lines       18647    18663      +16     
==========================================
+ Hits        15816    15893      +77     
+ Misses       2831     2770      -61

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@guhetier guhetier merged commit e71ea64 into main Nov 19, 2025
580 of 585 checks passed
@guhetier guhetier deleted the guhetier/connection_pool_refcount branch November 19, 2025 17:30
guhetier added a commit that referenced this pull request Nov 19, 2025
@guhetier
Fix double deref in connection pool error path (#5597)
79b5313 
## Description

When creating a connection pool, if a `QuicConnStart` fails:
- the connection was marked as `ExternalOwner` to prevent it from
sending notification to the app
- but this also mean that the closing logic will take care of releasing
the owner refcount, since the application is not the owner yet
- the connection was closed using `MsQuicConnectionClose`, which release
the refcount of the application

This caused a double release, triggering an assertion.

We should not call APIs from internal call (it makes logging confusing
and breaks some assumptions), so queue the connection close manually
instead.

Fixes #5550.

## Testing

C/I.
Need to consider if there is a simply way to deterministically test the
connection pool failure paths.

## Documentation

N/A
guhetier added a commit that referenced this pull request Nov 19, 2025
@guhetier
[CP] Fix double deref in connection pool error path (#5597) (#5601)
ac83e94 
## Description

When creating a connection pool, if a `QuicConnStart` fails:
- the connection was marked as `ExternalOwner` to prevent it from
sending notification to the app
- but this also mean that the closing logic will take care of releasing
the owner refcount, since the application is not the owner yet
- the connection was closed using `MsQuicConnectionClose`, which release
the refcount of the application

This caused a double release, triggering an assertion.

We should not call APIs from internal call (it makes logging confusing
and breaks some assumptions), so queue the connection close manually
instead.

Fixes #5550.

## Testing

C/I.
Need to consider if there is a simple way to deterministically test the
connection pool failure paths.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mtfriesen mtfriesen mtfriesen approved these changes

@anrossi anrossi anrossi approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[CI - FAILURE] Handshake/WithHandshakeArgs12.ConnectionPoolCreate failed hitting an assertion

4 participants

@guhetier @mtfriesen @anrossi