diff options
author | 2017-01-30 08:17:38 -0800 | |
---|---|---|
committer | 2017-01-30 08:17:38 -0800 | |
commit | fa6a71d6e560851d84e35cdaee17b06818a5acc8 (patch) | |
tree | f8f8aaa92d1e9de2e801dbf89ac83327c3833852 /src/core/lib/transport/metadata_batch.c | |
parent | fd0e2152b76793d937ebeea277eb8e0c23176de6 (diff) |
Fix fuzzing detected failure
If both :authority and host appear in client initial headers, we either
leak (in opt builds) or crash (in dbg).
Diffstat (limited to 'src/core/lib/transport/metadata_batch.c')
-rw-r--r-- | src/core/lib/transport/metadata_batch.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/core/lib/transport/metadata_batch.c b/src/core/lib/transport/metadata_batch.c index 95b71d33d7..fc2c52bd8a 100644 --- a/src/core/lib/transport/metadata_batch.c +++ b/src/core/lib/transport/metadata_batch.c @@ -258,16 +258,22 @@ grpc_error *grpc_metadata_batch_substitute(grpc_exec_ctx *exec_ctx, grpc_metadata_batch *batch, grpc_linked_mdelem *storage, grpc_mdelem new) { + assert_valid_callouts(exec_ctx, batch); grpc_error *error = GRPC_ERROR_NONE; grpc_mdelem old = storage->md; if (!grpc_slice_eq(GRPC_MDKEY(new), GRPC_MDKEY(old))) { maybe_unlink_callout(batch, storage); storage->md = new; error = maybe_link_callout(batch, storage); + if (error != GRPC_ERROR_NONE) { + unlink_storage(&batch->list, storage); + GRPC_MDELEM_UNREF(exec_ctx, storage->md); + } } else { storage->md = new; } GRPC_MDELEM_UNREF(exec_ctx, old); + assert_valid_callouts(exec_ctx, batch); return error; } |