[Fix fuzzer error] Memory address points to zero page. (#32894)

Found a memory access error in frame_fuzzer_test. Located the root cause
in ExecCtx::Get(), where ExecCtx needs to be initialized before using
HPackParser::ParseInput().


Error logs:
MemorySanitizer:DEADLYSIGNAL
==2812845==ERROR: MemorySanitizer: SEGV on unknown address
0x000000000030 (pc 0x55869275574e bp 0x7fffd7d9fb50 sp 0x7fffd7d9fb20
T2812845)
==2812845==The signal is caused by a READ memory access.
==2812845==Hint: address points to the zero page.
#0 0x55869275574e in starting_cpu
[third_party/grpc/src/core/lib/iomgr/exec_ctx.h:129](https://cs.corp.google.com/piper///depot/google3/third_party/grpc/src/core/lib/iomgr/exec_ctx.h?l=129&ws=ladynana/2900&snapshot=42):9
#1 0x55869275574e in
grpc_core::PerCpu<grpc_core::GlobalStatsCollector::Data>::this_cpu()
[third_party/grpc/src/core/lib/gprpp/per_cpu.h:38](https://cs.corp.google.com/piper///depot/google3/third_party/grpc/src/core/lib/gprpp/per_cpu.h?l=38&ws=ladynana/2900&snapshot=42):48
#2 0x558692753cda in IncrementHttp2MetadataSize
[third_party/grpc/src/core/lib/debug/stats_data.h:265](https://cs.corp.google.com/piper///depot/google3/third_party/grpc/src/core/lib/debug/stats_data.h?l=265&ws=ladynana/2900&snapshot=42):11
#3 0x558692753cda in
grpc_core::HPackParser::ParseInput(grpc_core::HPackParser::Input, bool)
[third_party/grpc/src/core/ext/transport/chttp2/transport/hpack_parser.cc:933](https://cs.corp.google.com/piper///depot/google3/third_party/grpc/src/core/ext/transport/chttp2/transport/hpack_parser.cc?l=933&ws=ladynana/2900&snapshot=42):20


pull/32636/head
nanahpang 2 years ago committed by GitHub
parent c2d589c949
commit d1dda5c8a2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
Files changed:
  test/core/transport/chaotic_good/BUILD (1 line)
  test/core/transport/chaotic_good/frame_fuzzer.cc (2 lines)

@ -61,6 +61,7 @@ grpc_fuzzer(
language = "C++",
tags = ["no_windows"],
deps = [
"//:exec_ctx",
"//:gpr",
"//:hpack_encoder",
"//:hpack_parser",
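Review bot: the new "//:exec_ctx" dep is in the correct sorted position (before "//:gpr") and is the counterpart of the `#include "src/core/lib/iomgr/exec_ctx.h"` added to frame_fuzzer.cc in this same commit; the two hunks must land together or the fuzzer target will fail to build. Please confirm that "//:exec_ctx" is the target that exports exec_ctx.h rather than one of the larger aggregate targets, so the fuzzer does not pull in more than it needs.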

@ -27,6 +27,7 @@
#include "src/core/ext/transport/chttp2/transport/hpack_encoder.h"
#include "src/core/ext/transport/chttp2/transport/hpack_parser.h"
#include "src/core/lib/gprpp/ref_counted_ptr.h"
#include "src/core/lib/iomgr/exec_ctx.h"
#include "src/core/lib/resource_quota/arena.h"
#include "src/core/lib/resource_quota/memory_quota.h"
#include "src/core/lib/resource_quota/resource_quota.h"
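Review bot: include ordering is fine (src/core/lib/iomgr/exec_ctx.h sorts between gprpp/ref_counted_ptr.h and resource_quota/arena.h); nothing further for this hunk.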
@ -61,6 +62,7 @@ template <typename T>
void FinishParseAndChecks(const FrameHeader& header, const uint8_t* data,
size_t size) {
T parsed;
ExecCtx exec_ctx; // Initialized to get this_cpu() info in global_stat().
HPackParser hpack_parser;
SliceBuffer serialized;
serialized.Append(Slice::FromCopiedBuffer(data, size));
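Review bot: `ExecCtx exec_ctx;` is declared after `T parsed;`, so because C++ destroys locals in reverse order the ExecCtx is torn down before `parsed`; if `T`'s destructor (or anything it owns, e.g. arena-backed metadata) touches ExecCtx::Get() the same zero-page read would come back at function exit. Suggest making `ExecCtx exec_ctx;` the first local in FinishParseAndChecks so it outlives every other object in the frame. Also, the comment refers to `global_stat()`, which is not a symbol in the reported trace; prefer naming the actual path, e.g. `// HPackParser::ParseInput() bumps global stats via PerCpu::this_cpu(), which requires a live ExecCtx.`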
