From 38525a9a082df5c8a61efe046cde9cb14ae4170c Mon Sep 17 00:00:00 2001 From: "Mark D. Roth" Date: Fri, 9 Sep 2016 14:45:00 -0700 Subject: [PATCH] Fix use-after-free bug. --- src/core/ext/client_config/resolver_result.c | 7 +++++++ src/core/ext/client_config/resolver_result.h | 2 ++ src/core/ext/resolver/sockaddr/sockaddr_resolver.c | 4 ++-- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/src/core/ext/client_config/resolver_result.c b/src/core/ext/client_config/resolver_result.c index ba21349d2d5..b0602d583d6 100644 --- a/src/core/ext/client_config/resolver_result.c +++ b/src/core/ext/client_config/resolver_result.c @@ -47,6 +47,13 @@ grpc_addresses *grpc_addresses_create(size_t num_addresses) { return addresses; } +grpc_addresses *grpc_addresses_copy(grpc_addresses* addresses) { + grpc_addresses *new = grpc_addresses_create(addresses->num_addresses); + memcpy(new->addresses, addresses->addresses, + sizeof(grpc_address) * addresses->num_addresses); + return new; +} + void grpc_addresses_set_address(grpc_addresses *addresses, size_t index, void *address, size_t address_len, bool is_balancer) { diff --git a/src/core/ext/client_config/resolver_result.h b/src/core/ext/client_config/resolver_result.h index df92bec984e..b1a34575654 100644 --- a/src/core/ext/client_config/resolver_result.h +++ b/src/core/ext/client_config/resolver_result.h @@ -54,6 +54,8 @@ typedef struct grpc_addresses { \a num_addresses addresses. */ grpc_addresses *grpc_addresses_create(size_t num_addresses); +grpc_addresses *grpc_addresses_copy(grpc_addresses* addresses); + void grpc_addresses_set_address(grpc_addresses *addresses, size_t index, void *address, size_t address_len, bool is_balancer); diff --git a/src/core/ext/resolver/sockaddr/sockaddr_resolver.c b/src/core/ext/resolver/sockaddr/sockaddr_resolver.c index 328c7cb6f93..5c59e4397af 100644 --- a/src/core/ext/resolver/sockaddr/sockaddr_resolver.c +++ b/src/core/ext/resolver/sockaddr/sockaddr_resolver.c @@ -120,8 +120,8 @@ static void sockaddr_maybe_finish_next_locked(grpc_exec_ctx *exec_ctx, sockaddr_resolver *r) { if (r->next_completion != NULL && !r->published) { r->published = true; - *r->target_result = - grpc_resolver_result_create(r->addresses, r->lb_policy_name); + *r->target_result = grpc_resolver_result_create( + grpc_addresses_copy(r->addresses), r->lb_policy_name); grpc_exec_ctx_sched(exec_ctx, r->next_completion, GRPC_ERROR_NONE, NULL); r->next_completion = NULL; }