Increase reference count on state used in tcp connect. #12733
Conversation
The state is used both in the callback for the actual connect as well as in the additional timeout that is setup for the operation. Both code paths decrease the reference count and if they happen to be queued at the same time, memory is corrupted. Subsequent behavior is undefined and segfaults can be observed as a result. Fixes grpc#12608
|
Thanks for your pull request. The automated tests will run as soon as one of the admins verifies this change is ok for us to run on our infrastructure. |
|
Please see the following gists for
These are obviously not conclusive but seem to give a good indication that the fix is valid and does not lead to a memory leak. Happy to provide further details. |
|
Thanks for your pull request. The automated tests will run as soon as one of the admins verifies this change is ok for us to run on our infrastructure. |
|
|
|
@murgatroid99 I see the tests failing, happy to investigate. Is there any way I can get access to the test results or reproduce the failures on my local machine? |
|
Some of those failures are definitely flakes. But the required test is failing because of a clang format error: it wants an extra space between the code and the |
|
Thanks, fixed up the whitespace. |
|
|
|
|
|
@murgatroid99 Thanks for merging and for kicking off the backport to 1.7.x. Any idea when a release with the fix included would hit https://www.npmjs.com/package/grpc? |
|
I would expect within the next couple of weeks. This came in the middle of some changes we're making to our repository structure and release process, so there may be a bit of a delay. |
|
I've published 1.6.6 with this fix. |
The state is used both in the callback for the actual connect as well as
in the additional timeout that is setup for the operation. Both code
paths decrease the reference count and if they happen to be queued at
the same time, memory is corrupted. Subsequent behavior is undefined and
segfaults can be observed as a result.
Fixes #12608