From e1d472f18a4fa4b1ba872a9ba7bcd7af30d9d61e Mon Sep 17 00:00:00 2001
From: Hongyu Chen
Date: Mon, 7 Dec 2015 21:42:52 -0800
Subject: [PATCH 1/5] Make census_tag_set the only field of census_context
---
 src/core/census/context.h | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/src/core/census/context.h b/src/core/census/context.h
index d9907d4da75..e45409a6b83 100644
--- a/src/core/census/context.h
+++ b/src/core/census/context.h
@@ -39,11 +39,7 @@
 /* census_context is the in-memory representation of information needed to
 * maintain tracing, RPC statistics and resource usage information. */
 struct census_context {
- gpr_uint64 op_id; /* Operation identifier - unique per-context */
- gpr_uint64 trace_id; /* Globally unique trace identifier */
- /* TODO(aveitch) Add census tags:
- const census_tag_set *tags;
- */
+ census_tag_set *tags; /* Opaque data structure for census tags. */
 };
 #endif /* GRPC_INTERNAL_CORE_CENSUS_CONTEXT_H */
From d8552ab5ea2c0d78628c56e380148130f9dabf24 Mon Sep 17 00:00:00 2001
From: Craig Tiller
Date: Tue, 8 Dec 2015 07:50:36 -0800
Subject: [PATCH 2/5] Fix typo
---
 src/core/transport/chttp2/frame_data.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/core/transport/chttp2/frame_data.c b/src/core/transport/chttp2/frame_data.c
index e07fbb2cc75..38fa990758a 100644
--- a/src/core/transport/chttp2/frame_data.c
+++ b/src/core/transport/chttp2/frame_data.c
@@ -118,7 +118,7 @@ void grpc_chttp2_encode_data(gpr_uint32 id, gpr_slice_buffer *inbuf,
 hdr = gpr_slice_malloc(9);
 p = GPR_SLICE_START_PTR(hdr);
- GPR_ASSERT(write_bytes < 16777316);
+ GPR_ASSERT(write_bytes < (1<<24));
 *p++ = (gpr_uint8)(write_bytes >> 16);
 *p++ = (gpr_uint8)(write_bytes >> 8);
 *p++ = (gpr_uint8)(write_bytes);
From 1ed62e4efc5dd59a94122a55e06ca1e56571b3d5 Mon Sep 17 00:00:00 2001
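Review bot: The new `tags` member in `struct census_context` is a plain `census_tag_set *`, whereas the TODO this hunk removes sketched it as `const census_tag_set *tags;`, and the one-line comment does not say who owns the pointed-to set or whether NULL is a valid value. Since this pointer is now the struct's only field, I would state the contract in the comment, for example `/* Tag set for this context; ownership and NULL-validity to be stated here (confirm with the allocator of the context). */`, and keep `const` if nothing is meant to modify the set through the context. The declaration of `census_tag_set` is outside the hunk, so it is worth confirming that this header sees it through an include or forward declaration.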
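Review bot: The corrected bound in `GPR_ASSERT(write_bytes < (1<<24));` is still an unexplained literal, and `1<<24` has type `int`, so if `write_bytes` is unsigned (its declaration is outside the hunk) the comparison mixes signedness. The limit follows from the three `*p++` stores right after it, which write only bits 16-23, 8-15 and 0-7 of `write_bytes` into the 9-byte header, so a larger value would not fit and would be truncated. I would write it as `GPR_ASSERT(write_bytes < (1u << 24)); /* length is a 24-bit field in the frame header */`. The body of `grpc_chttp2_encode_data` starts and ends outside the hunk.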
From: yang-g
Date: Tue, 8 Dec 2015 08:00:24 -0800
Subject: [PATCH 3/5] add test for pluck after shutdown
---
 test/core/surface/completion_queue_test.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/test/core/surface/completion_queue_test.c b/test/core/surface/completion_queue_test.c
index e3fc7897884..7a5cf30506f 100644
--- a/test/core/surface/completion_queue_test.c
+++ b/test/core/surface/completion_queue_test.c
@@ -175,6 +175,19 @@ static void test_pluck(void) {
 grpc_exec_ctx_finish(&exec_ctx);
 }
+static void test_pluck_after_shutdown(void) {
+ grpc_event ev;
+ grpc_completion_queue *cc;
+
+ LOG_TEST("test_pluck_after_shutdown");
+ cc = grpc_completion_queue_create(NULL);
+ grpc_completion_queue_shutdown(cc);
+ ev = grpc_completion_queue_pluck(cc, NULL, gpr_inf_future(GPR_CLOCK_REALTIME),
+ NULL);
+ GPR_ASSERT(ev.type == GRPC_QUEUE_SHUTDOWN);
+ grpc_completion_queue_destroy(cc);
+}
+
 #define TEST_THREAD_EVENTS 10000
 typedef struct test_thread_options {
@@ -343,6 +356,7 @@ int main(int argc, char **argv) {
 test_shutdown_then_next_with_timeout();
 test_cq_end_op();
 test_pluck();
+ test_pluck_after_shutdown();
 test_threading(1, 1);
 test_threading(1, 10);
 test_threading(10, 1);
From c3218147de0cc8109804f8959d7bfa6eac44b6ef Mon Sep 17 00:00:00 2001
From: Craig Tiller
Date: Tue, 8 Dec 2015 08:30:39 -0800
Subject: [PATCH 4/5] Fix fuzzing detected crash
---
 src/core/transport/chttp2/hpack_parser.c | 22 +++++++++++++---------
 test/core/bad_client/tests/headers.c | 6 ++++++
 2 files changed, 19 insertions(+), 9 deletions(-)
diff --git a/src/core/transport/chttp2/hpack_parser.c b/src/core/transport/chttp2/hpack_parser.c
index e5453000ec0..30f0d469e38 100644
--- a/src/core/transport/chttp2/hpack_parser.c
+++ b/src/core/transport/chttp2/hpack_parser.c
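Review bot: `test_pluck_after_shutdown` calls `grpc_completion_queue_pluck` with `gpr_inf_future(GPR_CLOCK_REALTIME)`, so if pluck on a shut-down queue ever stops returning, the test blocks forever instead of failing. With a finite deadline a regression would come back as a non-shutdown event and trip `GPR_ASSERT(ev.type == GRPC_QUEUE_SHUTDOWN);`, which is the failure mode a test runner can report. I would pass a deadline a few seconds past `gpr_now(GPR_CLOCK_REALTIME)`, using whichever deadline helper this test file already has. A one-line comment above the function stating that it covers pluck on an already shut-down queue would also help.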
@@ -1418,15 +1418,19 @@ grpc_chttp2_parse_error grpc_chttp2_header_parser_parse(
 GPR_TIMER_END("grpc_chttp2_hpack_parser_parse", 0);
 return GRPC_CHTTP2_CONNECTION_ERROR;
 }
- if (parser->is_boundary) {
- stream_parsing
- ->got_metadata_on_parse[stream_parsing->header_frames_received] = 1;
- stream_parsing->header_frames_received++;
- grpc_chttp2_list_add_parsing_seen_stream(transport_parsing,
- stream_parsing);
- }
- if (parser->is_eof) {
- stream_parsing->received_close = 1;
+ /* need to check for null stream: this can occur if we receive an invalid
+ stream id on a header */
+ if (stream_parsing != NULL) {
+ if (parser->is_boundary) {
+ stream_parsing
+ ->got_metadata_on_parse[stream_parsing->header_frames_received] = 1;
+ stream_parsing->header_frames_received++;
+ grpc_chttp2_list_add_parsing_seen_stream(transport_parsing,
+ stream_parsing);
+ }
+ if (parser->is_eof) {
+ stream_parsing->received_close = 1;
+ }
 }
 parser->on_header = on_header_not_set;
 parser->on_header_user_data = NULL;
diff --git a/test/core/bad_client/tests/headers.c b/test/core/bad_client/tests/headers.c
index 1d18a8241a7..c16bfd623bd 100644
--- a/test/core/bad_client/tests/headers.c
+++ b/test/core/bad_client/tests/headers.c
@@ -195,5 +195,11 @@ int main(int argc, char **argv) {
 "\x00\x00\x00\x09\x04\x00\x00\x00\x01", 0);
+ /* an invalid header found with fuzzing */
+ GRPC_RUN_BAD_CLIENT_TEST(verifier,
+ PFX_STR
+ "\x00\x00\x00\x01\x39\x67\xed\x1d\x64",
+ GRPC_BAD_CLIENT_DISCONNECT);
+
 return 0;
 }
From 858be6c58cecb9b0a1e11c3aafd1c362784aad1d Mon Sep 17 00:00:00 2001
From: Craig Tiller
Date: Tue, 8 Dec 2015 09:29:44 -0800
Subject: [PATCH 5/5] Fix windows build
---
 test/core/surface/init_test.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/test/core/surface/init_test.c b/test/core/surface/init_test.c
index c8791965bfd..d4451e45672 100644
--- a/test/core/surface/init_test.c
+++ b/test/core/surface/init_test.c
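Review bot: Inside the new `if (stream_parsing != NULL)` block, `got_metadata_on_parse[stream_parsing->header_frames_received]` is still indexed by a counter that advances on every header boundary received from the peer, and no bound on it is visible in this hunk. If `got_metadata_on_parse` is a fixed-size array (its declaration is outside the hunk), a connection that delivers more header blocks than it has slots would write past the end. I would guard the store with `if (stream_parsing->header_frames_received == GPR_ARRAY_SIZE(stream_parsing->got_metadata_on_parse))` and return `GRPC_CHTTP2_CONNECTION_ERROR` after the same `GPR_TIMER_END` call the early return above uses. The function starts and ends outside the hunk, so an equivalent check may already exist elsewhere and should be confirmed.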
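Review bot: The comment `/* an invalid header found with fuzzing */` does not say what is invalid about the bytes, which makes this regression case hard to maintain or extend. Read against the 9-byte frame header layout, `"\x00\x00\x00\x01\x39\x67\xed\x1d\x64"` is a zero-length frame of type 0x01 (HEADERS) with flags 0x39 on stream id 0x67ed1d64, which appears to be the "invalid stream id on a header" case named in the parser change of the same commit. I would spell that out, for example `/* zero-length HEADERS frame, flags 0x39, stream id 0x67ed1d64: header on an unknown stream (found with fuzzing) */`. `main` starts outside the hunk.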
@@ -47,7 +47,7 @@ static void test(int rounds) {
 }
 }
-static void test_mixed() {
+static void test_mixed(void) {
 grpc_init();
 grpc_init();
 grpc_shutdown();
@@ -56,8 +56,8 @@ static void test_mixed() {
 grpc_shutdown();
 }
-static void plugin_init() { g_flag = 1; }
-static void plugin_destroy() { g_flag = 2; }
+static void plugin_init(void) { g_flag = 1; }
+static void plugin_destroy(void) { g_flag = 2; }
 static void test_plugin() {
 grpc_register_plugin(plugin_init, plugin_destroy);
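Review bot: `static void test_plugin() {` in the context of the second hunk still has an empty parameter list, while this change moves `test_mixed`, `plugin_init` and `plugin_destroy` to `(void)`. In C an empty list declares a function with unspecified parameters rather than none, so for consistency it should read `static void test_plugin(void) {`. The body of `test_plugin` continues outside the hunk, and other definitions in the file are not visible here.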