From 6ae6fc7a797d1629fb8ceba4c5b8792f7c24c4a3 Mon Sep 17 00:00:00 2001
From: Craig Tiller <ctiller@google.com>
Date: Wed, 1 Jun 2016 16:28:00 -0700
Subject: [PATCH] Fix server side memory leak

If clients send GOAWAY followed by HEADER
---
 .../chttp2/transport/chttp2_transport.c       |   6 +-
 .../23f261e44d54a2736f6e288128d98db9e5015206  | Bin 0 -> 100 bytes
 .../552199651d942e7220141a93ec33dd8256210a18  | Bin 0 -> 46 bytes
 .../7a946bf3cd91b63001f2cf3f40c515c747f2ecde  | Bin 0 -> 696 bytes
 .../7d25c28298fb4d0fe41209d0d14307e4aa67c59e  | Bin 0 -> 47 bytes
 .../8138b18a9a743659befc2f2b23d23cb9c3086a09  | Bin 0 -> 348 bytes
 .../925011abb99fd56bb0f425ae5e0d92e6d341f804  | Bin 0 -> 49 bytes
 ...h-c1f66840627e3bfdedf2e4c225bc4de0c267ed37 | Bin 0 -> 100 bytes
 .../d6bed9cc3c10338a8c5f41064ff8bec0bbc267ce  | Bin 0 -> 48 bytes
 .../dda9643679f8c8b796e64232a7d153e447d64991  | Bin 0 -> 650 bytes
 .../e7b08e36420fa107f0aee652e62158af85a4ef15  | Bin 0 -> 1091 bytes
 tools/run_tests/tests.json                    | 170 ++++++++++++++++++
 12 files changed, 174 insertions(+), 2 deletions(-)
 create mode 100644 test/core/end2end/fuzzers/server_fuzzer_corpus/23f261e44d54a2736f6e288128d98db9e5015206
 create mode 100644 test/core/end2end/fuzzers/server_fuzzer_corpus/552199651d942e7220141a93ec33dd8256210a18
 create mode 100644 test/core/end2end/fuzzers/server_fuzzer_corpus/7a946bf3cd91b63001f2cf3f40c515c747f2ecde
 create mode 100644 test/core/end2end/fuzzers/server_fuzzer_corpus/7d25c28298fb4d0fe41209d0d14307e4aa67c59e
 create mode 100644 test/core/end2end/fuzzers/server_fuzzer_corpus/8138b18a9a743659befc2f2b23d23cb9c3086a09
 create mode 100644 test/core/end2end/fuzzers/server_fuzzer_corpus/925011abb99fd56bb0f425ae5e0d92e6d341f804
 create mode 100644 test/core/end2end/fuzzers/server_fuzzer_corpus/crash-c1f66840627e3bfdedf2e4c225bc4de0c267ed37
 create mode 100644 test/core/end2end/fuzzers/server_fuzzer_corpus/d6bed9cc3c10338a8c5f41064ff8bec0bbc267ce
 create mode 100644 test/core/end2end/fuzzers/server_fuzzer_corpus/dda9643679f8c8b796e64232a7d153e447d64991
 create mode 100644 test/core/end2end/fuzzers/server_fuzzer_corpus/e7b08e36420fa107f0aee652e62158af85a4ef15

diff --git a/src/core/ext/transport/chttp2/transport/chttp2_transport.c b/src/core/ext/transport/chttp2/transport/chttp2_transport.c
index b6886a2201b..d531d215e9d 100644
--- a/src/core/ext/transport/chttp2/transport/chttp2_transport.c
+++ b/src/core/ext/transport/chttp2/transport/chttp2_transport.c
@@ -804,8 +804,10 @@ void grpc_chttp2_add_incoming_goaway(
   gpr_free(msg);
   gpr_slice_unref(goaway_text);
   transport_global->seen_goaway = 1;
-  connectivity_state_set(exec_ctx, transport_global, GRPC_CHANNEL_FATAL_FAILURE,
-                         "got_goaway");
+  /* lie: use transient failure from the transport to indicate goaway has been
+   * received */
+  connectivity_state_set(exec_ctx, transport_global,
+                         GRPC_CHANNEL_TRANSIENT_FAILURE, "got_goaway");
 }
 
 static void maybe_start_some_streams(
diff --git a/test/core/end2end/fuzzers/server_fuzzer_corpus/23f261e44d54a2736f6e288128d98db9e5015206 b/test/core/end2end/fuzzers/server_fuzzer_corpus/23f261e44d54a2736f6e288128d98db9e5015206
new file mode 100644
index 0000000000000000000000000000000000000000..1452256ec7f7ec1680e657f27704cebbd1f0e69a
GIT binary patch
literal 100
zcmWFt@>I}L@CXSB&^OXE;N{}w3ibt&3=9k`Knwzsj35@H08e^RL9%X1W^QVJX$hC1
buR(rsYKlT~F-!$BnhFzz;?(5)yp&=9a@-X&

literal 0
HcmV?d00001

diff --git a/test/core/end2end/fuzzers/server_fuzzer_corpus/552199651d942e7220141a93ec33dd8256210a18 b/test/core/end2end/fuzzers/server_fuzzer_corpus/552199651d942e7220141a93ec33dd8256210a18
new file mode 100644
index 0000000000000000000000000000000000000000..c8c54f443d7d31d3d2032246c16aa4ecee8999c7
GIT binary patch
literal 46
vcmWFt@>I}L@CXSB&^OXE;N{}w3ibt&3=9k%EI@*RL6d=<5yWErZ`A+*u!RQ9

literal 0
HcmV?d00001

diff --git a/test/core/end2end/fuzzers/server_fuzzer_corpus/7a946bf3cd91b63001f2cf3f40c515c747f2ecde b/test/core/end2end/fuzzers/server_fuzzer_corpus/7a946bf3cd91b63001f2cf3f40c515c747f2ecde
new file mode 100644
index 0000000000000000000000000000000000000000..8ef1b0ad7e9b1b0296610b941a573b75fe88bdef
GIT binary patch
literal 696
zcmcgqO;5ux40Wa;MqyG8aHiq}Xl*x+yNn|o5Ea`W$kMEhlqFH?N{oNYf8dA&Y1s$b
zkl;k5JlWB+WBWOMx(~0zyXiDdZsI{N=mnF91_6Nj>rV#=y#*lbVB|O!-DGZUGUFvX
z995!_3rPz^=e>o*!e%s`Oj$7EwRcK|%Oh<C*M+T+od|1C8jNu1B;(F$B{(W;lDu?+
zoi-S8A*91d8eubK^0Q3NHAmT3nUD1O`uU4;tb?+PC0AOO6$|Q0mJ!cAA^o)-cq6_u
z0_%1zW;~08Rz5gv3lPa59{O3tgYZ%-Q$Jt9_`RJ3Y4QKzxUH)~j&((b`~UAYy=C;;
z$n`9{>ltnd8*5M1{Y3yu{7R5;{7PY0^G7c_ZAAW(dz1EW#>eXXz&`)}w%Q`F20j7h
CKz`Ez

literal 0
HcmV?d00001

diff --git a/test/core/end2end/fuzzers/server_fuzzer_corpus/7d25c28298fb4d0fe41209d0d14307e4aa67c59e b/test/core/end2end/fuzzers/server_fuzzer_corpus/7d25c28298fb4d0fe41209d0d14307e4aa67c59e
new file mode 100644
index 0000000000000000000000000000000000000000..a323f7a1abda4f8abefe0567cf1dc458074b05fb
GIT binary patch
literal 47
xcmWFt@>I}L@CXSB&^OXE;N{}w3ibt&3=9k%EI@*RL6d=<k%id=$YT88006b82FU;b

literal 0
HcmV?d00001

diff --git a/test/core/end2end/fuzzers/server_fuzzer_corpus/8138b18a9a743659befc2f2b23d23cb9c3086a09 b/test/core/end2end/fuzzers/server_fuzzer_corpus/8138b18a9a743659befc2f2b23d23cb9c3086a09
new file mode 100644
index 0000000000000000000000000000000000000000..2bcef177a33a9a2a32faf6b1f48afd791eaedcda
GIT binary patch
literal 348
zcmZ{g!Ait15QbB&xE2dJ=*>g%q_S!2dg~Lo2eG()fozg(g4rabQ?$Ofcc%sM<iJ17
z3^V`0*S>9whvK>G+G<nQd6s9pmpKzcQq&yZ$y_D$tO*?SsycXI?Rli<%^<Wos#F66
z?2ZbwmudUD>uA>S5xZz$y0BhwtNj4<Qg{c-0fQ+h%0sY5a4_CgeGGzL&6#l_Q~;)&
z@Y1;c+DN=WpS4s6%R#OCFB53K?EWs@Onzh%&Dp#2A55db<A8xS13dw?g2;_kaiG~a
zsK|Jarnh@8nXm@S_7B6;KNtvNI3)=o1xc3YqN>ZsO}W4!by*j8))a31yhm6llKcRO
C{$5)E

literal 0
HcmV?d00001

diff --git a/test/core/end2end/fuzzers/server_fuzzer_corpus/925011abb99fd56bb0f425ae5e0d92e6d341f804 b/test/core/end2end/fuzzers/server_fuzzer_corpus/925011abb99fd56bb0f425ae5e0d92e6d341f804
new file mode 100644
index 0000000000000000000000000000000000000000..948d5fafa33dd00337d84bfac9cd398ff5b479d1
GIT binary patch
literal 49
zcmWFt@>I}L@CXSB&^OXE;N{}w3ibt&3=9k%EI@*RL6d=<k%igBzy!!<{NDfo!zBkT

literal 0
HcmV?d00001

diff --git a/test/core/end2end/fuzzers/server_fuzzer_corpus/crash-c1f66840627e3bfdedf2e4c225bc4de0c267ed37 b/test/core/end2end/fuzzers/server_fuzzer_corpus/crash-c1f66840627e3bfdedf2e4c225bc4de0c267ed37
new file mode 100644
index 0000000000000000000000000000000000000000..a7fa57e78e8f55481508a7dac448104bf386bb47
GIT binary patch
literal 100
zcmWFt@>I}L@CXSB&^OXE;N{}w3ibt&3=9k`Knwzs>>w7S08e^RL9%X1W^QVJX$hC1
euR(rsYKlT~F;E2~NCh*R3KNCm)a3lUlwtsMTopM0

literal 0
HcmV?d00001

diff --git a/test/core/end2end/fuzzers/server_fuzzer_corpus/d6bed9cc3c10338a8c5f41064ff8bec0bbc267ce b/test/core/end2end/fuzzers/server_fuzzer_corpus/d6bed9cc3c10338a8c5f41064ff8bec0bbc267ce
new file mode 100644
index 0000000000000000000000000000000000000000..2b3424a332f810bbcc6519bc6a07ca4d729b8b0e
GIT binary patch
literal 48
ycmWFt@>I}L@CXSB&^OXE;N{}w3ibt&3=9k%EI@*RL6d=<k%igB1juCk-v9u-Tn7CB

literal 0
HcmV?d00001

diff --git a/test/core/end2end/fuzzers/server_fuzzer_corpus/dda9643679f8c8b796e64232a7d153e447d64991 b/test/core/end2end/fuzzers/server_fuzzer_corpus/dda9643679f8c8b796e64232a7d153e447d64991
new file mode 100644
index 0000000000000000000000000000000000000000..b8ba07b16bf2aed5df8bc97fc570043ea4589b13
GIT binary patch
literal 650
zcmbtSJx{|h5Ot~mp%BRf>=6^7rU{H$V1xk?(f$F~xyF`U+e$7{Q}MGIk%|-O(DEs9
zl23kTzbD^2=TG<1Wpp>4=E?Oq4Ts@y^3Y{Mi0_t*0r9$>NB1(zPz1@`m}JH(dXUvz
zzyf@MXdPMr3RC#`<77&Q8EYJ>B({gjaHd3ABR%FuBWR4VwLqD*N^*wM=%lPHrzc&G
z8RuXz2F*<&b$MFATrq@^EF5!$awXf+(g8w%6_X08nuI-Z!|=<MwBPqbUOd;DM>hSO
z%~%n0C7pWI>+mEUUpX_zX>_inZk8A1=CyOe>(X{)+t8u)M|?W?N8zY{SB(st+T%Y7
vg=8O=7C4g5yP)?>KDS>`{xn8km>S;)xGO<-3tRYi7jFCeBI&;cF`B#q0jGhB

literal 0
HcmV?d00001

diff --git a/test/core/end2end/fuzzers/server_fuzzer_corpus/e7b08e36420fa107f0aee652e62158af85a4ef15 b/test/core/end2end/fuzzers/server_fuzzer_corpus/e7b08e36420fa107f0aee652e62158af85a4ef15
new file mode 100644
index 0000000000000000000000000000000000000000..523c785612efbb325e6812d8beac59ad13bc6832
GIT binary patch
literal 1091
zcmcIjJ#WG=5H*mNkQT{9yGNZ`L`Y~mWnpcHs!`z&7{?@*LTn|61pRsaO^h9CCxV8r
z0z)n3<XHB*yLayeAFp=Dei@Ad_p#@-t+q9M(-9$Ls86r2TCr<KnWPR&sR(%*nLK1E
za9B*45d%ov^rsAB5gNh!aD*+N%+z0|F0>LsNfL`3@HG`FsAtY{Az2I999-1&b09Fw
z8_%9cnS^zQ+f{~c$R-H^){Q>7#C2dMWP~Ry%ds`fS>}*PVcv~N=+K0#ZE&=wIx2dq
z;R|09h)s7QggYjg>LRBxtMqgNR-?ok=&Pqw0Ez-kq)a#^z(wk6dhty`GNGGHtO!^$
z@+T9OlKTfny4-BP!kt|dKwYobS9<7q_I<+B+57<wz6&wbiuhmQEcC0Q)KWd?7j$^!
zl^GgZwxxiNW$4%y-uGE)kH;EokL{qF6||>vik&TIUY5SpPfLsLmGcg=*7wF?Y0WJg
PQzTNPy?jUzzaIYqHu%$T

literal 0
HcmV?d00001

diff --git a/tools/run_tests/tests.json b/tools/run_tests/tests.json
index 850f9474aec..c171d053547 100644
--- a/tools/run_tests/tests.json
+++ b/tools/run_tests/tests.json
@@ -70513,6 +70513,23 @@
     ], 
     "uses_polling": false
   }, 
+  {
+    "args": [
+      "test/core/end2end/fuzzers/server_fuzzer_corpus/23f261e44d54a2736f6e288128d98db9e5015206"
+    ], 
+    "ci_platforms": [
+      "linux"
+    ], 
+    "cpu_cost": 0.1, 
+    "exclude_configs": [], 
+    "flaky": false, 
+    "language": "c", 
+    "name": "server_fuzzer_one_entry", 
+    "platforms": [
+      "linux"
+    ], 
+    "uses_polling": false
+  }, 
   {
     "args": [
       "test/core/end2end/fuzzers/server_fuzzer_corpus/2463aea879c5ab49f8409d0e5c062c7e086b034b"
@@ -71941,6 +71958,23 @@
     ], 
     "uses_polling": false
   }, 
+  {
+    "args": [
+      "test/core/end2end/fuzzers/server_fuzzer_corpus/552199651d942e7220141a93ec33dd8256210a18"
+    ], 
+    "ci_platforms": [
+      "linux"
+    ], 
+    "cpu_cost": 0.1, 
+    "exclude_configs": [], 
+    "flaky": false, 
+    "language": "c", 
+    "name": "server_fuzzer_one_entry", 
+    "platforms": [
+      "linux"
+    ], 
+    "uses_polling": false
+  }, 
   {
     "args": [
       "test/core/end2end/fuzzers/server_fuzzer_corpus/55af20415ead0ddd417f37fa91a4c767b749ee34"
@@ -72706,6 +72740,23 @@
     ], 
     "uses_polling": false
   }, 
+  {
+    "args": [
+      "test/core/end2end/fuzzers/server_fuzzer_corpus/7a946bf3cd91b63001f2cf3f40c515c747f2ecde"
+    ], 
+    "ci_platforms": [
+      "linux"
+    ], 
+    "cpu_cost": 0.1, 
+    "exclude_configs": [], 
+    "flaky": false, 
+    "language": "c", 
+    "name": "server_fuzzer_one_entry", 
+    "platforms": [
+      "linux"
+    ], 
+    "uses_polling": false
+  }, 
   {
     "args": [
       "test/core/end2end/fuzzers/server_fuzzer_corpus/7b453adcb9c4bf31dbc448ff32c2bc90ebcbdf0f"
@@ -72723,6 +72774,23 @@
     ], 
     "uses_polling": false
   }, 
+  {
+    "args": [
+      "test/core/end2end/fuzzers/server_fuzzer_corpus/7d25c28298fb4d0fe41209d0d14307e4aa67c59e"
+    ], 
+    "ci_platforms": [
+      "linux"
+    ], 
+    "cpu_cost": 0.1, 
+    "exclude_configs": [], 
+    "flaky": false, 
+    "language": "c", 
+    "name": "server_fuzzer_one_entry", 
+    "platforms": [
+      "linux"
+    ], 
+    "uses_polling": false
+  }, 
   {
     "args": [
       "test/core/end2end/fuzzers/server_fuzzer_corpus/7ddfac7d7845b424bf670070781ca6ff8586c63b"
@@ -72774,6 +72842,23 @@
     ], 
     "uses_polling": false
   }, 
+  {
+    "args": [
+      "test/core/end2end/fuzzers/server_fuzzer_corpus/8138b18a9a743659befc2f2b23d23cb9c3086a09"
+    ], 
+    "ci_platforms": [
+      "linux"
+    ], 
+    "cpu_cost": 0.1, 
+    "exclude_configs": [], 
+    "flaky": false, 
+    "language": "c", 
+    "name": "server_fuzzer_one_entry", 
+    "platforms": [
+      "linux"
+    ], 
+    "uses_polling": false
+  }, 
   {
     "args": [
       "test/core/end2end/fuzzers/server_fuzzer_corpus/8164d3c4af043c47cfd6966873bccd2353d072bf"
@@ -73182,6 +73267,23 @@
     ], 
     "uses_polling": false
   }, 
+  {
+    "args": [
+      "test/core/end2end/fuzzers/server_fuzzer_corpus/925011abb99fd56bb0f425ae5e0d92e6d341f804"
+    ], 
+    "ci_platforms": [
+      "linux"
+    ], 
+    "cpu_cost": 0.1, 
+    "exclude_configs": [], 
+    "flaky": false, 
+    "language": "c", 
+    "name": "server_fuzzer_one_entry", 
+    "platforms": [
+      "linux"
+    ], 
+    "uses_polling": false
+  }, 
   {
     "args": [
       "test/core/end2end/fuzzers/server_fuzzer_corpus/93beeba2.bin"
@@ -74593,6 +74695,23 @@
     ], 
     "uses_polling": false
   }, 
+  {
+    "args": [
+      "test/core/end2end/fuzzers/server_fuzzer_corpus/crash-c1f66840627e3bfdedf2e4c225bc4de0c267ed37"
+    ], 
+    "ci_platforms": [
+      "linux"
+    ], 
+    "cpu_cost": 0.1, 
+    "exclude_configs": [], 
+    "flaky": false, 
+    "language": "c", 
+    "name": "server_fuzzer_one_entry", 
+    "platforms": [
+      "linux"
+    ], 
+    "uses_polling": false
+  }, 
   {
     "args": [
       "test/core/end2end/fuzzers/server_fuzzer_corpus/crash-dae0f07934a527989f23f06e630710ff6ca8c809"
@@ -74695,6 +74814,23 @@
     ], 
     "uses_polling": false
   }, 
+  {
+    "args": [
+      "test/core/end2end/fuzzers/server_fuzzer_corpus/d6bed9cc3c10338a8c5f41064ff8bec0bbc267ce"
+    ], 
+    "ci_platforms": [
+      "linux"
+    ], 
+    "cpu_cost": 0.1, 
+    "exclude_configs": [], 
+    "flaky": false, 
+    "language": "c", 
+    "name": "server_fuzzer_one_entry", 
+    "platforms": [
+      "linux"
+    ], 
+    "uses_polling": false
+  }, 
   {
     "args": [
       "test/core/end2end/fuzzers/server_fuzzer_corpus/d8a1d141a9e3876b71c7decbe6e3affccf6de397"
@@ -74848,6 +74984,23 @@
     ], 
     "uses_polling": false
   }, 
+  {
+    "args": [
+      "test/core/end2end/fuzzers/server_fuzzer_corpus/dda9643679f8c8b796e64232a7d153e447d64991"
+    ], 
+    "ci_platforms": [
+      "linux"
+    ], 
+    "cpu_cost": 0.1, 
+    "exclude_configs": [], 
+    "flaky": false, 
+    "language": "c", 
+    "name": "server_fuzzer_one_entry", 
+    "platforms": [
+      "linux"
+    ], 
+    "uses_polling": false
+  }, 
   {
     "args": [
       "test/core/end2end/fuzzers/server_fuzzer_corpus/df5d3cf5f05eab65ef9d385e263780ae73c42b19"
@@ -74950,6 +75103,23 @@
     ], 
     "uses_polling": false
   }, 
+  {
+    "args": [
+      "test/core/end2end/fuzzers/server_fuzzer_corpus/e7b08e36420fa107f0aee652e62158af85a4ef15"
+    ], 
+    "ci_platforms": [
+      "linux"
+    ], 
+    "cpu_cost": 0.1, 
+    "exclude_configs": [], 
+    "flaky": false, 
+    "language": "c", 
+    "name": "server_fuzzer_one_entry", 
+    "platforms": [
+      "linux"
+    ], 
+    "uses_polling": false
+  }, 
   {
     "args": [
       "test/core/end2end/fuzzers/server_fuzzer_corpus/e96ad9c17795e52edc810a08d4fc61fe8790002a"