gfe-relnote: Add live check to QuicSpdySession. No functional change expected, not protected.

PiperOrigin-RevId: 264452453
Change-Id: I6513576bd964434396102c10d9e9497518a38216

quic/core/http/quic_spdy_session.cc

diff --git a/quic/core/http/quic_spdy_session.cc b/quic/core/http/quic_spdy_session.cc
index 3992c22..9cc28ba 100644
--- a/quic/core/http/quic_spdy_session.cc
+++ b/quic/core/http/quic_spdy_session.cc
@@ -19,6 +19,7 @@
 #include "net/third_party/quiche/src/quic/platform/api/quic_flags.h"
 #include "net/third_party/quiche/src/quic/platform/api/quic_logging.h"
 #include "net/third_party/quiche/src/quic/platform/api/quic_ptr_util.h"
+#include "net/third_party/quiche/src/quic/platform/api/quic_stack_trace.h"
 #include "net/third_party/quiche/src/quic/platform/api/quic_str_cat.h"
 #include "net/third_party/quiche/src/quic/platform/api/quic_text_utils.h"
 #include "net/third_party/quiche/src/spdy/core/http2_frame_decoder_adapter.h"
@@ -191,6 +192,10 @@
       return;
     }
 
+    QUIC_BUG_IF(session_->destruction_indicator() != 123456789)
+        << "QuicSpdyStream use after free. "
+        << session_->destruction_indicator() << QuicStackTrace();
+
     if (session_->use_http2_priority_write_scheduler()) {
       session_->OnHeaders(
           stream_id, has_priority,
@@ -325,13 +330,17 @@
       supports_push_promise_(perspective() == Perspective::IS_CLIENT),
       spdy_framer_(SpdyFramer::ENABLE_COMPRESSION),
       spdy_framer_visitor_(new SpdyFramerVisitor(this)),
-      max_allowed_push_id_(0) {
+      max_allowed_push_id_(0),
+      destruction_indicator_(123456789) {
   h2_deframer_.set_visitor(spdy_framer_visitor_.get());
   h2_deframer_.set_debug_visitor(spdy_framer_visitor_.get());
   spdy_framer_.set_debug_visitor(spdy_framer_visitor_.get());
 }
 
 QuicSpdySession::~QuicSpdySession() {
+  QUIC_BUG_IF(destruction_indicator_ != 123456789)
+      << "QuicSpdyStream use after free. " << destruction_indicator_
+      << QuicStackTrace();
   // Set the streams' session pointers in closed and dynamic stream lists
   // to null to avoid subsequent use of this session.
   for (auto& stream : *closed_streams()) {
@@ -345,6 +354,7 @@
       static_cast<QuicSpdyStream*>(kv.second.get())->ClearSession();
     }
   }
+  destruction_indicator_ = 987654321;
 }
 
 void QuicSpdySession::Initialize() {
@@ -462,6 +472,9 @@
 }
 
 size_t QuicSpdySession::ProcessHeaderData(const struct iovec& iov) {
+  QUIC_BUG_IF(destruction_indicator_ != 123456789)
+      << "QuicSpdyStream use after free. " << destruction_indicator_
+      << QuicStackTrace();
   return h2_deframer_.ProcessInput(static_cast<char*>(iov.iov_base),
                                    iov.iov_len);
 }

quic/core/http/quic_spdy_session.h

diff --git a/quic/core/http/quic_spdy_session.h b/quic/core/http/quic_spdy_session.h
index bab74d3..ce69b89 100644
--- a/quic/core/http/quic_spdy_session.h
+++ b/quic/core/http/quic_spdy_session.h
@@ -192,6 +192,8 @@
 
   QuicStreamId max_allowed_push_id() { return max_allowed_push_id_; }
 
+  int32_t destruction_indicator() const { return destruction_indicator_; }
+
  protected:
   // Override CreateIncomingStream(), CreateOutgoingBidirectionalStream() and
   // CreateOutgoingUnidirectionalStream() with QuicSpdyStream return type to
@@ -322,6 +324,11 @@
   http2::Http2DecoderAdapter h2_deframer_;
   std::unique_ptr<SpdyFramerVisitor> spdy_framer_visitor_;
   QuicStreamId max_allowed_push_id_;
+
+  // An integer used for live check. The indicator is assigned a value in
+  // constructor. As long as it is not the assigned value, that would indicate
+  // an use-after-free.
+  int32_t destruction_indicator_;
 };
 
 }  // namespace quic