diff options
| author |  Harvey Tuch <htuch@google.com> | 2017-01-20 11:02:11 -0500 |
|---|---|---|
| committer | Harvey Tuch <htuch@google.com> | 2017-02-07 15:45:44 -0500 |
| commit | 5f3cfe960f708a397c4465a3064072dd3b2d7bb7 (patch) | |
| tree | 363b85675839116c4314dbff8548170d94031acf /tools | |
| parent | 27ee9d015dff36ebf32e95c80a4d0b37ac7137ba (diff) | |
Fix read from uninitialized memory bug in GrpcBufferWriter.
This commit fixes an issue in which the following sequence of operations
leads to use of uninitialized memory:
1. Caller invokes GrpcBufferWriter::Next(), and then makes use of 8191
bytes in the returned buffer (which is 8192 bytes in size).
2. Caller then returns the unused single byte via
GrpcBufferWriter::BackUp(). This method invokes
g_core_codegen_interface->grpc_slice_split_tail(), which causes
backup_slice_ to be a grpc_slice with one byte.
3. At the next invocation of GrpcBufferWriter::Next(), a reference to
the single byte grpc_slice is returned to the caller.
The problem here is that the returned reference is to the inlined buffer
in the grpc_slice, which is resident in slice_, not the location of the
buffer inside slice_buffer_ after
g_core_codegen_interface->grpc_slice_buffer_add() in
GrpcBufferWriter::Next(). As a result, any data the caller writes to the
returned void* data is lost.
The solution is to avoid inlined backup slices.
Diffstat (limited to 'tools')
| -rw-r--r-- | tools/run_tests/generated/sources_and_headers.json | 17 | ||||
| -rw-r--r-- | tools/run_tests/generated/tests.json | 22 |
2 files changed, 39 insertions, 0 deletions
diff --git a/tools/run_tests/generated/sources_and_headers.json b/tools/run_tests/generated/sources_and_headers.json index 52d8ae183b..def360afc8 100644 --- a/tools/run_tests/generated/sources_and_headers.json +++ b/tools/run_tests/generated/sources_and_headers.json @@ -3050,6 +3050,23 @@ }, { "deps": [ + "grpc", + "grpc++", + "grpc++_codegen_base", + "grpc++_codegen_proto" + ], + "headers": [], + "is_filegroup": false, + "language": "c++", + "name": "proto_utils_test", + "src": [ + "test/cpp/codegen/proto_utils_test.cc" + ], + "third_party": false, + "type": "target" + }, + { + "deps": [ "gpr", "gpr_test_util", "grpc", diff --git a/tools/run_tests/generated/tests.json b/tools/run_tests/generated/tests.json index 4cc543962e..1b636686cd 100644 --- a/tools/run_tests/generated/tests.json +++ b/tools/run_tests/generated/tests.json @@ -2980,6 +2980,28 @@ "ci_platforms": [ "linux", "mac", + "posix", + "windows" + ], + "cpu_cost": 1.0, + "exclude_configs": [], + "exclude_iomgrs": [], + "flaky": false, + "gtest": true, + "language": "c++", + "name": "proto_utils_test", + "platforms": [ + "linux", + "mac", + "posix", + "windows" + ] + }, + { + "args": [], + "ci_platforms": [ + "linux", + "mac", "posix" ], "cpu_cost": 0.5, |