From b2348ba1db688751056faed43fb6235762feab6b Mon Sep 17 00:00:00 2001
From: Craig Tiller <ctiller@google.com>
Date: Fri, 18 Nov 2016 08:10:46 -0800
Subject: [PATCH] Check length as well as start when determining static
 metadata id

---
 src/core/lib/transport/static_metadata.c  | 8 ++++++--
 tools/codegen/core/gen_static_metadata.py | 5 +++--
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/src/core/lib/transport/static_metadata.c b/src/core/lib/transport/static_metadata.c
index b065af73f97..a28873b921a 100644
--- a/src/core/lib/transport/static_metadata.c
+++ b/src/core/lib/transport/static_metadata.c
@@ -396,10 +396,14 @@ static const uint8_t g_revmap[] = {
 
 int grpc_static_metadata_index(grpc_slice slice) {
   if (GRPC_SLICE_LENGTH(slice) == 0) return 33;
-  size_t ofs = (size_t)(GRPC_SLICE_START_PTR(slice) - g_raw_bytes);
+  if (slice.refcount != &g_refcnt) return -1;
+  size_t ofs = (size_t)(slice.data.refcounted.bytes - g_raw_bytes);
   if (ofs > sizeof(g_revmap)) return -1;
   uint8_t id = g_revmap[ofs];
-  return id == 255 ? -1 : id;
+  return id == 255 ? -1 : (grpc_static_slice_table[id].data.refcounted.length ==
+                                   slice.data.refcounted.length
+                               ? id
+                               : -1);
 }
 
 uintptr_t grpc_static_mdelem_user_data[GRPC_STATIC_MDELEM_COUNT] = {
diff --git a/tools/codegen/core/gen_static_metadata.py b/tools/codegen/core/gen_static_metadata.py
index c5519c44ad0..4583df3bedc 100755
--- a/tools/codegen/core/gen_static_metadata.py
+++ b/tools/codegen/core/gen_static_metadata.py
@@ -339,10 +339,11 @@ print >>C
 print >>H, 'int grpc_static_metadata_index(grpc_slice slice);'
 print >>C, 'int grpc_static_metadata_index(grpc_slice slice) {'
 print >>C, '  if (GRPC_SLICE_LENGTH(slice) == 0) return %d;' % zero_length_idx
-print >>C, '  size_t ofs = (size_t)(GRPC_SLICE_START_PTR(slice) - g_raw_bytes);'
+print >>C, '  if (slice.refcount != &g_refcnt) return -1;'
+print >>C, '  size_t ofs = (size_t)(slice.data.refcounted.bytes - g_raw_bytes);'
 print >>C, '  if (ofs > sizeof(g_revmap)) return -1;'
 print >>C, '  uint8_t id = g_revmap[ofs];'
-print >>C, '  return id == 255 ? -1 : id;'
+print >>C, '  return id == 255 ? -1 : (grpc_static_slice_table[id].data.refcounted.length == slice.data.refcounted.length? id : -1);'
 print >>C, '}'
 print >>C