From 0f4968a6d9244f3bcef89bbb1af60fdfcaf5d5b1 Mon Sep 17 00:00:00 2001
From: Alexander Polcyn <apolcyn@google.com>
Date: Wed, 17 Oct 2018 11:29:45 -0700
Subject: Fix a dangling pointer on ares_request object in case of cancellation

---
 test/core/end2end/fuzzers/api_fuzzer.cc |  5 +++++
 test/core/end2end/goaway_server_test.cc | 10 ++++++++++
 2 files changed, 15 insertions(+)

(limited to 'test/core/end2end')

diff --git a/test/core/end2end/fuzzers/api_fuzzer.cc b/test/core/end2end/fuzzers/api_fuzzer.cc
index eacfd4a8c3..2b722d809d 100644
--- a/test/core/end2end/fuzzers/api_fuzzer.cc
+++ b/test/core/end2end/fuzzers/api_fuzzer.cc
@@ -390,6 +390,10 @@ grpc_ares_request* my_dns_lookup_ares_locked(
   return nullptr;
 }
 
+static void my_cancel_ares_request_locked(grpc_ares_request* request) {
+  GPR_ASSERT(request == nullptr);
+}
+
 ////////////////////////////////////////////////////////////////////////////////
 // client connection
 
@@ -705,6 +709,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
   }
   grpc_set_resolver_impl(&fuzzer_resolver);
   grpc_dns_lookup_ares_locked = my_dns_lookup_ares_locked;
+  grpc_cancel_ares_request_locked = my_cancel_ares_request_locked;
 
   GPR_ASSERT(g_channel == nullptr);
   GPR_ASSERT(g_server == nullptr);
diff --git a/test/core/end2end/goaway_server_test.cc b/test/core/end2end/goaway_server_test.cc
index 8904c3d325..3f1c5596ad 100644
--- a/test/core/end2end/goaway_server_test.cc
+++ b/test/core/end2end/goaway_server_test.cc
@@ -50,6 +50,8 @@ static grpc_ares_request* (*iomgr_dns_lookup_ares_locked)(
     grpc_lb_addresses** addresses, bool check_grpclb,
     char** service_config_json, grpc_combiner* combiner);
 
+static void (*iomgr_cancel_ares_request_locked)(grpc_ares_request* request);
+
 static void set_resolve_port(int port) {
   gpr_mu_lock(&g_mu);
   g_resolve_port = port;
@@ -130,6 +132,12 @@ static grpc_ares_request* my_dns_lookup_ares_locked(
   return nullptr;
 }
 
+static void my_cancel_ares_request_locked(grpc_ares_request* request) {
+  if (request != nullptr) {
+    iomgr_cancel_ares_request_locked(request);
+  }
+}
+
 int main(int argc, char** argv) {
   grpc_completion_queue* cq;
   cq_verifier* cqv;
@@ -143,7 +151,9 @@ int main(int argc, char** argv) {
   default_resolver = grpc_resolve_address_impl;
   grpc_set_resolver_impl(&test_resolver);
   iomgr_dns_lookup_ares_locked = grpc_dns_lookup_ares_locked;
+  iomgr_cancel_ares_request_locked = grpc_cancel_ares_request_locked;
   grpc_dns_lookup_ares_locked = my_dns_lookup_ares_locked;
+  grpc_cancel_ares_request_locked = my_cancel_ares_request_locked;
 
   int was_cancelled1;
   int was_cancelled2;
-- 
cgit v1.2.3