proto: don't panic when draining a unknown connection

A panic here was reported by a user when testing under very scarce CPU conditions. The root cause is not yet well understood (perhaps a connection emitting `Drained` twice for some reason?), but we can still reduce the blast radius.
quinn-rs · Aug 23, 2023 · 394ac8c · 394ac8c
1 parent 47678a1
commit 394ac8c
Showing 1 changed file with 9 additions and 3 deletions.
diff --git a/quinn-proto/src/endpoint.rs b/quinn-proto/src/endpoint.rs
@@ -13,7 +13,7 @@ use rand::{rngs::StdRng, Rng, RngCore, SeedableRng};
 use rustc_hash::FxHashMap;
 use slab::Slab;
 use thiserror::Error;
-use tracing::{debug, trace, warn};
+use tracing::{debug, error, trace, warn};
 
 use crate::{
     cid_generator::{ConnectionIdGenerator, RandomConnectionIdGenerator},
@@ -105,8 +105,14 @@ impl Endpoint {
                 }
             }
             Drained => {
-                let conn = self.connections.remove(ch.0);
-                self.index.remove(&conn);
+                if let Some(conn) = self.connections.try_remove(ch.0) {
+                    self.index.remove(&conn);
+                } else {
+                    // This indicates a bug in downstream code, which could cause spurious
+                    // connection loss instead of this error if the CID was (re)allocated prior to
+                    // the illegal call.
+                    error!(id = ch.0, "unknown connection drained");
+                }
             }
         }
         None