From 78a73333b705a9d184da7f3174533500d05b2a21 Mon Sep 17 00:00:00 2001
From: Craig Tiller
Date: Mon, 20 Jun 2016 08:24:44 -0700
Subject: [PATCH] Fix memory leak upon receiving two RST_STREAMs
---
 .../chttp2/transport/frame_rst_stream.c | 14 +-
 .../2c452818a10ddef09b90c89a53db14b9b56b21f3 | Bin 0 -> 52 bytes
 .../42ead79c94eccdf8a8c3d8036be73e14fa260dd5 | Bin 0 -> 64 bytes
 .../4e05d6cf1c3f0c04f6ee92d09a53ee0fe35c085a | Bin 0 -> 64 bytes
 .../8f980dd25f1c77e3536131c2c620aa32e8c13180 | Bin 0 -> 14 bytes
 .../aef36c49d7dec0dcf8cdc224d9e9221fa2cb1db0 | Bin 0 -> 53 bytes
 ...h-14ed70cd9ea7987cdd0c8f6e39398ee7c60ee2ff | Bin 0 -> 719 bytes
 .../dcb06a6e34cbed15515e5b3581ca666f704777bd | Bin 0 -> 238 bytes
 .../ea46b684f1e67a27c231f2d536c41da631189b9c | Bin 0 -> 696 bytes
 tools/run_tests/tests.json | 152 ++++++++++++++++++
 10 files changed, 160 insertions(+), 6 deletions(-)
 create mode 100644 test/core/end2end/fuzzers/client_fuzzer_corpus/2c452818a10ddef09b90c89a53db14b9b56b21f3
 create mode 100644 test/core/end2end/fuzzers/client_fuzzer_corpus/42ead79c94eccdf8a8c3d8036be73e14fa260dd5
 create mode 100644 test/core/end2end/fuzzers/client_fuzzer_corpus/4e05d6cf1c3f0c04f6ee92d09a53ee0fe35c085a
 create mode 100644 test/core/end2end/fuzzers/client_fuzzer_corpus/8f980dd25f1c77e3536131c2c620aa32e8c13180
 create mode 100644 test/core/end2end/fuzzers/client_fuzzer_corpus/aef36c49d7dec0dcf8cdc224d9e9221fa2cb1db0
 create mode 100644 test/core/end2end/fuzzers/client_fuzzer_corpus/crash-14ed70cd9ea7987cdd0c8f6e39398ee7c60ee2ff
 create mode 100644 test/core/end2end/fuzzers/client_fuzzer_corpus/dcb06a6e34cbed15515e5b3581ca666f704777bd
 create mode 100644 test/core/end2end/fuzzers/client_fuzzer_corpus/ea46b684f1e67a27c231f2d536c41da631189b9c
diff --git a/src/core/ext/transport/chttp2/transport/frame_rst_stream.c b/src/core/ext/transport/chttp2/transport/frame_rst_stream.c
index a7aefb99158..e3a3c9e4a7c 100644
--- a/src/core/ext/transport/chttp2/transport/frame_rst_stream.c
+++ b/src/core/ext/transport/chttp2/transport/frame_rst_stream.c
@@ -102,12 +102,14 @@ grpc_error *grpc_chttp2_rst_stream_parser_parse(
 if (p->byte == 4) {
 GPR_ASSERT(is_last);
 stream_parsing->received_close = 1;
- stream_parsing->forced_close_error = grpc_error_set_int(
- GRPC_ERROR_CREATE("RST_STREAM"), GRPC_ERROR_INT_HTTP2_ERROR,
- (intptr_t)((((uint32_t)p->reason_bytes[0]) << 24) |
- (((uint32_t)p->reason_bytes[1]) << 16) |
- (((uint32_t)p->reason_bytes[2]) << 8) |
- (((uint32_t)p->reason_bytes[3]))));
+ if (stream_parsing->forced_close_error == GRPC_ERROR_NONE) {
+ stream_parsing->forced_close_error = grpc_error_set_int(
+ GRPC_ERROR_CREATE("RST_STREAM"), GRPC_ERROR_INT_HTTP2_ERROR,
+ (intptr_t)((((uint32_t)p->reason_bytes[0]) << 24) |
+ (((uint32_t)p->reason_bytes[1]) << 16) |
+ (((uint32_t)p->reason_bytes[2]) << 8) |
+ (((uint32_t)p->reason_bytes[3]))));
+ }
 }
 
 return GRPC_ERROR_NONE;
diff --git a/test/core/end2end/fuzzers/client_fuzzer_corpus/2c452818a10ddef09b90c89a53db14b9b56b21f3 b/test/core/end2end/fuzzers/client_fuzzer_corpus/2c452818a10ddef09b90c89a53db14b9b56b21f3 new file mode 100644 index 0000000000000000000000000000000000000000..059634fda10a679b7bb4f753fe06660888b26dd4 GIT binary patch literal 52 zcmZS3WMpJ#`1cCr>)SNic&kq1P C_Z2e$ literal 0 HcmV?d00001
diff --git a/test/core/end2end/fuzzers/client_fuzzer_corpus/42ead79c94eccdf8a8c3d8036be73e14fa260dd5 b/test/core/end2end/fuzzers/client_fuzzer_corpus/42ead79c94eccdf8a8c3d8036be73e14fa260dd5 new file mode 100644 index 0000000000000000000000000000000000000000..b9c53b26edd94105bc4bdb24e73697cc4be93dc4 GIT binary patch literal 64 zcmZQz&|+j^U|?Wm;7KnkNY*XM%uUTNE#U@pic1npN{a=Jfbu+y3``8!3=GU5r40Z7 LGqQs;X{`VNxT6g} literal 0 HcmV?d00001
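Review bot: The new `if (stream_parsing->forced_close_error == GRPC_ERROR_NONE)` guard in the `p->byte == 4` branch carries no comment explaining why a second RST_STREAM is ignored, and the reason is an ownership rule that a later edit could easily undo. Going by the commit title, the field appears to hold an owned grpc_error, so assigning over a non-NONE value drops the only reference to the earlier one; the frame sequence is chosen by the remote peer, so the leak was peer-triggerable. I would add above the guard `/* Keep the first close error: overwriting an owned grpc_error leaks it, and a peer may send RST_STREAM twice. */`. The guard also discards the second frame's reason code without trace, and presumably a forced_close_error set by any other path now suppresses the RST_STREAM code as well, so it is worth confirming that first-error-wins is the intended policy. The enclosing function starts and ends outside the hunk.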
diff --git a/test/core/end2end/fuzzers/client_fuzzer_corpus/4e05d6cf1c3f0c04f6ee92d09a53ee0fe35c085a b/test/core/end2end/fuzzers/client_fuzzer_corpus/4e05d6cf1c3f0c04f6ee92d09a53ee0fe35c085a new file mode 100644 index 0000000000000000000000000000000000000000..8a4a279998d72b2aa9b94310364f40c2580515c2 GIT binary patch literal 64 zcmZQz&|+j^U|?Wm;7KnkNY*XM%uUTNE#X!Naf(Y4OG=9cjeznzj0{W+*$fQKAf*id M|1+|KG-<5>0Is79{{R30 literal 0 HcmV?d00001 diff --git a/test/core/end2end/fuzzers/client_fuzzer_corpus/8f980dd25f1c77e3536131c2c620aa32e8c13180 b/test/core/end2end/fuzzers/client_fuzzer_corpus/8f980dd25f1c77e3536131c2c620aa32e8c13180 new file mode 100644 index 0000000000000000000000000000000000000000..fcebab7a64f25b8dfad2cbb19851b76833a674b7 GIT binary patch literal 14 TcmZS3WMpJ#`1cCKLz? literal 0 HcmV?d00001 diff --git a/test/core/end2end/fuzzers/client_fuzzer_corpus/aef36c49d7dec0dcf8cdc224d9e9221fa2cb1db0 b/test/core/end2end/fuzzers/client_fuzzer_corpus/aef36c49d7dec0dcf8cdc224d9e9221fa2cb1db0 new file mode 100644 index 0000000000000000000000000000000000000000..6b015fe66e6131d746ff41da4b961b0ea074a02f GIT binary patch literal 53 wcmZQzU||3OMg|5&AjJ%3v*hM7Fz|zz42+Dqxr(`e{sRfWsS`IUP6RU40etxhaR2}S literal 0 HcmV?d00001 diff --git a/test/core/end2end/fuzzers/client_fuzzer_corpus/crash-14ed70cd9ea7987cdd0c8f6e39398ee7c60ee2ff b/test/core/end2end/fuzzers/client_fuzzer_corpus/crash-14ed70cd9ea7987cdd0c8f6e39398ee7c60ee2ff new file mode 100644 index 0000000000000000000000000000000000000000..be6366049d93b585d80d625c72ec8eabc458f8f5 GIT binary patch literal 719 zcma))!A%1(5Jl~fL&S-#01X$%d*ezZL|E_oKS9FwrjM^T*-qe*OC#i~h0zgCtcA1q!ShX>2v)Qh6$Z`_$uwt&j-F4ZR; z5Sv7_I-eYEmYW?vcl;IP1o{i~ad|8#&gc-zlgX7X`Jb@uP`1h)s-Wx}23A)%p@>wE za!C@8^?ad=qK}-dq9bit8{GOE-Go^{jRIXY;!;t6Li0vv6=jI|D`%R^2vry~vi7F? zj%DqTNjKogO;hm+{BgT~2z2|($`EkI19~LJC`TB;F;RQr8{}99X|={K^4w4OLpkCM RBFep{S=%Njy`zq%`UA}C*FFFM literal 0 HcmV?d00001 
diff --git a/test/core/end2end/fuzzers/client_fuzzer_corpus/dcb06a6e34cbed15515e5b3581ca666f704777bd b/test/core/end2end/fuzzers/client_fuzzer_corpus/dcb06a6e34cbed15515e5b3581ca666f704777bd new file mode 100644 index 0000000000000000000000000000000000000000..92750f94a32152bdd71d388f47c4bcefb6ec34b8 GIT binary patch literal 238 zcmY+7F%AMj2t~o2!q`|@8)C7Jm9en!5Zu87aF}11*jjo!PvH2O)odig1Rng4NKyI5 zR^;7UGq%I&coxyJ30Y55)dt5*_uO3%k6!p!;!iRS_{tfJY8zgY`Q<}Y|ly-<3XI{!F o4-v0C#t0){Z=6m|-N-+eun0W93o~cbV+vGj(5A~7+}Qfx0kNN|?f?J) literal 0 HcmV?d00001 diff --git a/tools/run_tests/tests.json b/tools/run_tests/tests.json index 3ed7a6bc476..2353ac85831 100644 --- a/tools/run_tests/tests.json +++ b/tools/run_tests/tests.json @@ -54188,6 +54188,25 @@ ], "uses_polling": false }, + { + "args": [ + "test/core/end2end/fuzzers/client_fuzzer_corpus/2c452818a10ddef09b90c89a53db14b9b56b21f3" + ], + "ci_platforms": [ + "linux" + ], + "cpu_cost": 0.1, + "exclude_configs": [ + "tsan" + ], + "flaky": false, + "language": "c", + "name": "client_fuzzer_one_entry", + "platforms": [ + "linux" + ], + "uses_polling": false + }, { "args": [ "test/core/end2end/fuzzers/client_fuzzer_corpus/2c6e69067c68c145dc5d3a60b86d8081fdf95d0d" @@ -54986,6 +55005,25 @@ ], "uses_polling": false }, + { + "args": [ + "test/core/end2end/fuzzers/client_fuzzer_corpus/42ead79c94eccdf8a8c3d8036be73e14fa260dd5" + ], + "ci_platforms": [ + "linux" + ], + "cpu_cost": 0.1, + "exclude_configs": [ + "tsan" + ], + "flaky": false, + "language": "c", + "name": "client_fuzzer_one_entry", + "platforms": [ + "linux" + ], + "uses_polling": false + }, { "args": [ "test/core/end2end/fuzzers/client_fuzzer_corpus/43202ad9b1a689d919ab9ae91c2d0223394867bf" 
@@ -55328,6 +55366,25 @@ ], "uses_polling": false }, + { + "args": [ + "test/core/end2end/fuzzers/client_fuzzer_corpus/4e05d6cf1c3f0c04f6ee92d09a53ee0fe35c085a" + ], + "ci_platforms": [ + "linux" + ], + "cpu_cost": 0.1, + "exclude_configs": [ + "tsan" + ], + "flaky": false, + "language": "c", + "name": "client_fuzzer_one_entry", + "platforms": [ + "linux" + ], + "uses_polling": false + }, { "args": [ "test/core/end2end/fuzzers/client_fuzzer_corpus/4e21c4b5c454df51c102f09ea1ba78c42133ee16" @@ -57247,6 +57304,25 @@ ], "uses_polling": false }, + { + "args": [ + "test/core/end2end/fuzzers/client_fuzzer_corpus/8f980dd25f1c77e3536131c2c620aa32e8c13180" + ], + "ci_platforms": [ + "linux" + ], + "cpu_cost": 0.1, + "exclude_configs": [ + "tsan" + ], + "flaky": false, + "language": "c", + "name": "client_fuzzer_one_entry", + "platforms": [ + "linux" + ], + "uses_polling": false + }, { "args": [ "test/core/end2end/fuzzers/client_fuzzer_corpus/90a9c3390752b94ca19a58cb2fe6267bc818f718" @@ -58463,6 +58539,25 @@ ], "uses_polling": false }, + { + "args": [ + "test/core/end2end/fuzzers/client_fuzzer_corpus/aef36c49d7dec0dcf8cdc224d9e9221fa2cb1db0" + ], + "ci_platforms": [ + "linux" + ], + "cpu_cost": 0.1, + "exclude_configs": [ + "tsan" + ], + "flaky": false, + "language": "c", + "name": "client_fuzzer_one_entry", + "platforms": [ + "linux" + ], + "uses_polling": false + }, { "args": [ "test/core/end2end/fuzzers/client_fuzzer_corpus/af8b24ffaecdfaf96c0cd7c76f31dc9e1b4d0935" @@ -59508,6 +59603,25 @@ ], "uses_polling": false }, + { + "args": [ + "test/core/end2end/fuzzers/client_fuzzer_corpus/crash-14ed70cd9ea7987cdd0c8f6e39398ee7c60ee2ff" + ], + "ci_platforms": [ + "linux" + ], + "cpu_cost": 0.1, + "exclude_configs": [ + "tsan" + ], + "flaky": false, + "language": "c", + "name": "client_fuzzer_one_entry", + "platforms": [ + "linux" + ], + "uses_polling": false + }, { "args": [ "test/core/end2end/fuzzers/client_fuzzer_corpus/crash-3bd02c98286bfa7be8e13c5500ddb587bba74fbb" 
@@ -60173,6 +60287,25 @@ ], "uses_polling": false }, + { + "args": [ + "test/core/end2end/fuzzers/client_fuzzer_corpus/dcb06a6e34cbed15515e5b3581ca666f704777bd" + ], + "ci_platforms": [ + "linux" + ], + "cpu_cost": 0.1, + "exclude_configs": [ + "tsan" + ], + "flaky": false, + "language": "c", + "name": "client_fuzzer_one_entry", + "platforms": [ + "linux" + ], + "uses_polling": false + }, { "args": [ "test/core/end2end/fuzzers/client_fuzzer_corpus/dccd1fd6d3394f5f68c87950ed7356a2e9ef0f6f" @@ -60667,6 +60800,25 @@ ], "uses_polling": false }, + { + "args": [ + "test/core/end2end/fuzzers/client_fuzzer_corpus/ea46b684f1e67a27c231f2d536c41da631189b9c" + ], + "ci_platforms": [ + "linux" + ], + "cpu_cost": 0.1, + "exclude_configs": [ + "tsan" + ], + "flaky": false, + "language": "c", + "name": "client_fuzzer_one_entry", + "platforms": [ + "linux" + ], + "uses_polling": false + }, { "args": [ "test/core/end2end/fuzzers/client_fuzzer_corpus/eb969b9ab1b0d6b5d197795223ba7a091ebd8460"