Google Git
Sign in
quiche/quiche.git/ca254eda989155f5b3a421d41e2f94c683e8f2e6^!/.
commit
ca254eda989155f5b3a421d41e2f94c683e8f2e6
[log]
author
wub <wub@google.com>
Thu Jul 09 13:43:02 2020 -0400
committer
Victor Vasiliev <vasilvv@google.com>
Thu Jul 09 14:46:27 2020 -0400
tree
8736659e00fbfdebf9aef375d3b1651c36fee323
parent
091d8ec245232ab102c50d1e06a11f2bd9362e5a [diff]
In quicpacketcreator::serializepacket, set encrypted_buffer.buffer to nullptr before function returns. no behavior change, not protected.

The avoid_leak_writer_buffer flags has been default enabled but can't be deprecated due to a Chrome OS test failure in b/157989434. I suspect in that test environment, the std::move-d release_buffer(a std::function) is not set to an empty state, so the destructor of encrypted_buffer is still trying free the encrypted buffer. This is not observed in other environments.

PiperOrigin-RevId: 320427430

diff --git a/quic/core/quic_packet_creator.cc b/quic/core/quic_packet_creator.cc
index 2a9d92c..d9de9ad 100644
--- a/quic/core/quic_packet_creator.cc
+++ b/quic/core/quic_packet_creator.cc

@@ -850,6 +850,7 @@
   packet_.encrypted_length = encrypted_length;
   if (avoid_leak_writer_buffer_) {
     QUIC_RELOADABLE_FLAG_COUNT_N(quic_avoid_leak_writer_buffer, 1, 3);
+    encrypted_buffer.buffer = nullptr;
     packet_.release_encrypted_buffer =
         std::move(encrypted_buffer).release_buffer;
   } else {