Skip to content

quic: guard against null impl_ in UpdateDataStats#62126

Open
zerone0x wants to merge 2 commits intonodejs:mainfrom
zerone0x:fix/quic-null-deref-updatedatastats
Open

quic: guard against null impl_ in UpdateDataStats#62126
zerone0x wants to merge 2 commits intonodejs:mainfrom
zerone0x:fix/quic-null-deref-updatedatastats

Conversation

@zerone0x
Copy link

@zerone0x zerone0x commented Mar 6, 2026

When a QUIC session's handshake fails or the connection is
terminated early, `UpdateDataStats()` can be called before `impl_`
has been initialized, leading to a null pointer dereference
and SIGSEGV.

Add an early return when `impl_` is nullptr to prevent the crash.

Fixes: #62057

@zerone0x @claude
quic: guard against null impl_ in UpdateDataStats
cabca4b 
When a QUIC session's handshake fails or the connection is
terminated early, UpdateDataStats() can be called before impl_
has been initialized, leading to a null pointer dereference
and SIGSEGV.

Add an early return when impl_ is nullptr to prevent the crash.

Fixes: nodejs#62057

Co-Authored-By: Claude <noreply@anthropic.com>
@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. needs-ci PRs that need a full CI run. quic Issues and PRs related to the QUIC implementation / HTTP/3. labels Mar 6, 2026
addaleax
addaleax approved these changes Mar 6, 2026
View reviewed changes
Copy link
Member

@addaleax addaleax left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you add a regression test?

@zerone0x
test: add regression test for quic UpdateDataStats null-deref
da73141 
Exercises the crash path in Session::SendDataStats() where on_exit fires
UpdateDataStats() after Destroy() has already reset impl_ to nullptr.

Refs: nodejs#62126
@zerone0x
Copy link
Author

zerone0x commented Mar 6, 2026

added a regression test in test/parallel/test-quic-session-update-data-stats-after-close.mjs — creates a session with datagrams enabled, sends a datagram and immediately closes on both sides to race the on_exit UpdateDataStats() call against the destroy, which is the path that was crashing before the fix

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@addaleax addaleax addaleax approved these changes

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

c++ Issues and PRs that require attention from people who are familiar with C++. needs-ci PRs that need a full CI run. quic Issues and PRs related to the QUIC implementation / HTTP/3.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

quic: NULL dereference in Session::UpdateDataStats when impl_ is null

3 participants

@zerone0x @addaleax @nodejs-github-bot