Fix fuzzer found null-deref in memory_quota (#27648)

3 years ago · 3dc5528c50
parent 8d8d07139c
commit 3dc5528c50
3 changed files with 1617 additions and 1 deletions
--- a/src/core/lib/resource_quota/memory_quota.cc
+++ b/src/core/lib/resource_quota/memory_quota.cc
@ -376,7 +376,7 @@ void BasicMemoryQuota::Take(size_t amount) {
  auto prior = free_bytes_.fetch_sub(amount, std::memory_order_acq_rel);
  // If we push into overcommit, awake the reclaimer.
  if (prior >= 0 && prior < static_cast<intptr_t>(amount)) {
-    reclaimer_activity_->ForceWakeup();
+    if (reclaimer_activity_ != nullptr) reclaimer_activity_->ForceWakeup();
  }
 }

--- a/test/core/resource_quota/memory_quota_fuzzer_corpus/testcase-replenish-nullchk
+++ b/test/core/resource_quota/memory_quota_fuzzer_corpus/testcase-replenish-nullchk
--- a/test/core/resource_quota/memory_quota_fuzzer_corpus/testcase-replenish-nullchk-after-creduce
+++ b/test/core/resource_quota/memory_quota_fuzzer_corpus/testcase-replenish-nullchk-after-creduce
@ -0,0 +1,15 @@
+actions {
+  create_quota {}
+}
+actions {
+  create_allocator {}
+}
+actions{set_quota_size : 790} actions {
+  delete_quota {}
+}
+actions {
+  create_allocation {
+  max:
+    2
+  }
+}