From 38525a9a082df5c8a61efe046cde9cb14ae4170c Mon Sep 17 00:00:00 2001
From: "Mark D. Roth" <roth@google.com>
Date: Fri, 9 Sep 2016 14:45:00 -0700
Subject: [PATCH] Fix use-after-free bug.

---
 src/core/ext/client_config/resolver_result.c       | 7 +++++++
 src/core/ext/client_config/resolver_result.h       | 2 ++
 src/core/ext/resolver/sockaddr/sockaddr_resolver.c | 4 ++--
 3 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/src/core/ext/client_config/resolver_result.c b/src/core/ext/client_config/resolver_result.c
index ba21349d2d..b0602d583d 100644
--- a/src/core/ext/client_config/resolver_result.c
+++ b/src/core/ext/client_config/resolver_result.c
@@ -47,6 +47,13 @@ grpc_addresses *grpc_addresses_create(size_t num_addresses) {
   return addresses;
 }
 
+grpc_addresses *grpc_addresses_copy(grpc_addresses* addresses) {
+  grpc_addresses *new = grpc_addresses_create(addresses->num_addresses);
+  memcpy(new->addresses, addresses->addresses,
+         sizeof(grpc_address) * addresses->num_addresses);
+  return new;
+}
+
 void grpc_addresses_set_address(grpc_addresses *addresses, size_t index,
                                 void *address, size_t address_len,
                                 bool is_balancer) {
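Review bot: `grpc_addresses_copy` dereferences `addresses` without a NULL check and duplicates the entries with a flat `memcpy`, so the copy is independent of the original only while `grpc_address` holds no owned pointers. The struct definition is not in this hunk, so please confirm that and record it next to the `memcpy`, e.g. `/* Shallow copy: grpc_address must not contain owned pointers. */`. The parameter is only read and could be declared `const grpc_addresses *addresses`, with the declaration in resolver_result.h changed to match. The local name `new` is legal C but breaks if this file is ever built as C++; `copy` would avoid that.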
diff --git a/src/core/ext/client_config/resolver_result.h b/src/core/ext/client_config/resolver_result.h
index df92bec984..b1a3457565 100644
--- a/src/core/ext/client_config/resolver_result.h
+++ b/src/core/ext/client_config/resolver_result.h
@@ -54,6 +54,8 @@ typedef struct grpc_addresses {
     \a num_addresses addresses. */
 grpc_addresses *grpc_addresses_create(size_t num_addresses);
 
+grpc_addresses *grpc_addresses_copy(grpc_addresses* addresses);
+
 void grpc_addresses_set_address(grpc_addresses *addresses, size_t index,
                                 void *address, size_t address_len,
                                 bool is_balancer);
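Review bot: The new `grpc_addresses_copy` declaration has no doc comment, unlike `grpc_addresses_create` directly above it. From the header alone a caller cannot tell who frees the returned list or whether a NULL argument is accepted. A comment such as `/** Returns a newly allocated copy of \a addresses; the caller owns the result. */` would cover it, adjusted to the project's actual ownership rule.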
diff --git a/src/core/ext/resolver/sockaddr/sockaddr_resolver.c b/src/core/ext/resolver/sockaddr/sockaddr_resolver.c
index 328c7cb6f9..5c59e4397a 100644
--- a/src/core/ext/resolver/sockaddr/sockaddr_resolver.c
+++ b/src/core/ext/resolver/sockaddr/sockaddr_resolver.c
@@ -120,8 +120,8 @@ static void sockaddr_maybe_finish_next_locked(grpc_exec_ctx *exec_ctx,
                                               sockaddr_resolver *r) {
   if (r->next_completion != NULL && !r->published) {
     r->published = true;
-    *r->target_result =
-        grpc_resolver_result_create(r->addresses, r->lb_policy_name);
+    *r->target_result = grpc_resolver_result_create(
+        grpc_addresses_copy(r->addresses), r->lb_policy_name);
     grpc_exec_ctx_sched(exec_ctx, r->next_completion, GRPC_ERROR_NONE, NULL);
     r->next_completion = NULL;
   }
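Review bot: Nothing in the code records why `grpc_addresses_copy(r->addresses)` is passed to `grpc_resolver_result_create` instead of `r->addresses`, and the patch has no description, so a later cleanup could drop the copy and reintroduce the use-after-free. Presumably the resolver result takes ownership of the list it is given and frees it on destruction while the resolver keeps `r->addresses`. If so, a comment like `/* The result owns its address list, so give it a copy; r->addresses stays with the resolver. */` above the call would make that clear. It is also worth confirming that the resolver's destroy path frees `r->addresses`, since the result no longer does; that code is outside this hunk, as is the start of this function.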
-- 
GitLab