From 10b5169ce0e6781d0d79cedba62671b0e2a399e4 Mon Sep 17 00:00:00 2001
From: Derek Collison <derek@nats.io>
Date: Tue, 25 Jun 2024 09:34:58 -0700
Subject: [PATCH] Avoid datarace storing mpay from a JWT claim

Signed-off-by: Derek Collison <derek@nats.io>
---
 server/client.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/client.go b/server/client.go
index 619db25aad0..5155ae53e01 100644
--- a/server/client.go
+++ b/server/client.go
@@ -847,7 +847,7 @@ func (c *client) applyAccountLimits() {
 	c.msubs = jwt.NoLimit
 	if c.opts.JWT != _EMPTY_ { // user jwt implies account
 		if uc, _ := jwt.DecodeUserClaims(c.opts.JWT); uc != nil {
-			c.mpay = int32(uc.Limits.Payload)
+			atomic.StoreInt32(&c.mpay, int32(uc.Limits.Payload))
 			c.msubs = int32(uc.Limits.Subs)
 			if uc.IssuerAccount != _EMPTY_ && uc.IssuerAccount != uc.Issuer {
 				if scope, ok := c.acc.signingKeys[uc.Issuer]; ok {