From 394ac8c2b84497bb490659683ffd2f922ced8a0a Mon Sep 17 00:00:00 2001
From: Benjamin Saunders <ben.e.saunders@gmail.com>
Date: Wed, 23 Aug 2023 10:51:37 -0700
Subject: [PATCH] proto: don't panic when draining a unknown connection

A panic here was reported by a user when testing under very scarce CPU
conditions. The root cause is not yet well understood (perhaps a
connection emitting `Drained` twice for some reason?), but we can
still reduce the blast radius.
---
 quinn-proto/src/endpoint.rs | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/quinn-proto/src/endpoint.rs b/quinn-proto/src/endpoint.rs
index 79e91871a..1200aaf85 100644
--- a/quinn-proto/src/endpoint.rs
+++ b/quinn-proto/src/endpoint.rs
@@ -13,7 +13,7 @@ use rand::{rngs::StdRng, Rng, RngCore, SeedableRng};
 use rustc_hash::FxHashMap;
 use slab::Slab;
 use thiserror::Error;
-use tracing::{debug, trace, warn};
+use tracing::{debug, error, trace, warn};
 
 use crate::{
     cid_generator::{ConnectionIdGenerator, RandomConnectionIdGenerator},
@@ -105,8 +105,14 @@ impl Endpoint {
                 }
             }
             Drained => {
-                let conn = self.connections.remove(ch.0);
-                self.index.remove(&conn);
+                if let Some(conn) = self.connections.try_remove(ch.0) {
+                    self.index.remove(&conn);
+                } else {
+                    // This indicates a bug in downstream code, which could cause spurious
+                    // connection loss instead of this error if the CID was (re)allocated prior to
+                    // the illegal call.
+                    error!(id = ch.0, "unknown connection drained");
+                }
             }
         }
         None