Skip to content
Snippets Groups Projects
Select Git revision
  • 5f3cfe960f708a397c4465a3064072dd3b2d7bb7
  • master default protected
  • arm-aarch-platform
  • arm-platform
  • vjpai-patch-3
  • vjpai-patch-1
  • v1.27.x
  • jtattermusch-patch-2
  • jtattermusch-patch-1
  • update-java-worker-example-in-performance-docs
  • revert-21805-revert-21797-reintroduce_21527
  • revert-21804-tls-credentials-1
  • zhen_cleanup_namecheck
  • revert-21806-revert-21767-revert-21725-revert-21680-cq_ordering
  • vjpai-patch-2
  • revert-21766-tls-credentials-1
  • revert-21640-change_local_tcp_security_level
  • revert-21680-cq_ordering
  • revert-21527-unify_boringssl_deps2
  • revert-20803-grpclb_stabilization
  • fix-kokoro-rvm-key
  • v1.27.0
  • v1.27.0-pre2
  • v1.27.0-pre1
  • v1.26.0
  • v1.26.0-pre1
  • v1.25.0
  • v1.25.0-pre1
  • v1.24.3
  • v1.24.2
  • v1.24.1
  • v1.23.1
  • v1.24.0
  • v1.24.0-pre2
  • v1.24.0-pre1
  • v1.22.1
  • v1.23.0
  • v1.23.0-pre1
  • v1.22.0
  • v1.22.0-pre1
  • v1.21.4
41 results

codegen_test_full.cc

Blame
    • Harvey Tuch's avatar
      5f3cfe96
      Fix read from uninitialized memory bug in GrpcBufferWriter. · 5f3cfe96
      Harvey Tuch authored
      This commit fixes an issue in which the following sequence of operations
      leads to use of uninitialized memory:
      
      1. Caller invokes GrpcBufferWriter::Next(), and then makes use of 8191
         bytes in the returned buffer (which is 8192 bytes in size).
      
      2. Caller then returns the unused single byte via
         GrpcBufferWriter::BackUp(). This method invokes
         g_core_codegen_interface->grpc_slice_split_tail(), which causes
         backup_slice_ to be a grpc_slice with one byte.
      
      3. At the next invocation of GrpcBufferWriter::Next(), a reference to
         the single byte grpc_slice is returned to the caller.
      
      The problem here is that the returned reference is to the inlined buffer
      in the grpc_slice, which is resident in slice_, not the location of the
      buffer inside slice_buffer_ after
      g_core_codegen_interface->grpc_slice_buffer_add() in
      GrpcBufferWriter::Next(). As a result, any data the caller writes to the
      returned void* data is lost.
      
      The solution is to avoid inlined backup slices.
      5f3cfe96
      History
      Fix read from uninitialized memory bug in GrpcBufferWriter.
      Harvey Tuch authored
      This commit fixes an issue in which the following sequence of operations
      leads to use of uninitialized memory:
      
      1. Caller invokes GrpcBufferWriter::Next(), and then makes use of 8191
         bytes in the returned buffer (which is 8192 bytes in size).
      
      2. Caller then returns the unused single byte via
         GrpcBufferWriter::BackUp(). This method invokes
         g_core_codegen_interface->grpc_slice_split_tail(), which causes
         backup_slice_ to be a grpc_slice with one byte.
      
      3. At the next invocation of GrpcBufferWriter::Next(), a reference to
         the single byte grpc_slice is returned to the caller.
      
      The problem here is that the returned reference is to the inlined buffer
      in the grpc_slice, which is resident in slice_, not the location of the
      buffer inside slice_buffer_ after
      g_core_codegen_interface->grpc_slice_buffer_add() in
      GrpcBufferWriter::Next(). As a result, any data the caller writes to the
      returned void* data is lost.
      
      The solution is to avoid inlined backup slices.
    greeter_server.js 2.14 KiB
    /*
     *
     * Copyright 2015, Google Inc.
     * All rights reserved.
     *
     * Redistribution and use in source and binary forms, with or without
     * modification, are permitted provided that the following conditions are
     * met:
     *
     *     * Redistributions of source code must retain the above copyright
     * notice, this list of conditions and the following disclaimer.
     *     * Redistributions in binary form must reproduce the above
     * copyright notice, this list of conditions and the following disclaimer
     * in the documentation and/or other materials provided with the
     * distribution.
     *     * Neither the name of Google Inc. nor the names of its
     * contributors may be used to endorse or promote products derived from
     * this software without specific prior written permission.
     *
     * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
     * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
     * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
     * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
     * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
     * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
     * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
     * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
     * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
     * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
     * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     *
     */
    
    var PROTO_PATH = __dirname + '/helloworld.proto';
    
    var grpc = require('grpc');
    var hello_proto = grpc.load(PROTO_PATH).helloworld;
    
    var Server = grpc.buildServer([hello_proto.Greeter.service]);
    
    /**
     * Implements the SayHello RPC method.
     */
    function sayHello(call, callback) {
      callback(null, {message: 'Hello ' + call.request.name});
    }
    
    /**
     * Starts an RPC server that receives requests for the Greeter service at the
     * sample server port
     */
    function main() {
      var server = new Server({
        "helloworld.Greeter": {
          sayHello: sayHello
        }
      });
    
      server.bind('0.0.0.0:50051');
      server.listen();
    }
    
    main();