From 0c2ce960dc4e2952d3949797cb54b99c171348ba Mon Sep 17 00:00:00 2001 From: Mikhail Krinkin Date: Thu, 20 Feb 2025 19:00:50 +0000 Subject: [PATCH] Cleanup before freeing FakeStream to prevent use-after-free In SendGoAwayNotTriggerredByDecodingFilter it could happen that FakeStream will get destroyed (when the test ends) before FakeUpstream dispatcher thread (FakeUpstream::threadRoutine()) exits or before all processing on the connection is complete. That leads to a situation when FakeUpstream dispatcher thread may try to call into the FakeStream::onResetStream when connection established by the test gets terminated *after* FakeStream was already destroyed. This triggers MSAN issue on clang-18 pretty consistently, though I don't think it's deterministic and could potentially happen on clang-14 currently used by Envoy CIs. This change makes sure that we do cleanup before exiting the test, thus preventing the use-after-free issue. Signed-off-by: Mikhail Krinkin --- test/integration/multiplexed_integration_test.cc | 1 + 1 file changed, 1 insertion(+) diff --git a/test/integration/multiplexed_integration_test.cc b/test/integration/multiplexed_integration_test.cc index 3ef885fd8807..82e1e8782bd9 100644 --- a/test/integration/multiplexed_integration_test.cc +++ b/test/integration/multiplexed_integration_test.cc @@ -2924,6 +2924,7 @@ TEST_P(Http2FrameIntegrationTest, SendGoAwayNotTriggerredByDecodingFilter) { FakeStreamPtr upstream_request; ASSERT_TRUE(fake_upstream_connection_->waitForNewStream(*dispatcher_, upstream_request)); ASSERT_TRUE(upstream_request->waitForEndStream(*dispatcher_)); + cleanupUpstreamAndDownstream(); tcp_client_->close(); }
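Review bot: The added `cleanupUpstreamAndDownstream();` runs only after both `ASSERT_TRUE(...)` lines pass, so if `ASSERT_TRUE(upstream_request->waitForEndStream(*dispatcher_));` fails, the test body returns early and `upstream_request` is destroyed at scope exit without the cleanup, which is the same ordering the commit message identifies as the use-after-free. Consider running the cleanup from a scope guard declared right after `FakeStreamPtr upstream_request;` (it would then run before the stream is destroyed), or otherwise make sure the failure path also cleans up before the stream is freed. A one-line comment above the call saying it must run before `upstream_request` goes out of scope would also keep a later edit from moving or dropping it.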