[EventEngine] Fix a potential use-after-free error on Windows#42078
Closed
murgatroid99 wants to merge 3 commits into
Closed
[EventEngine] Fix a potential use-after-free error on Windows#42078murgatroid99 wants to merge 3 commits into
murgatroid99 wants to merge 3 commits into
Conversation
markdroth
approved these changes
Apr 10, 2026
asheshvidyut
pushed a commit
to a-detiste/grpc
that referenced
this pull request
Jun 10, 2026
…2078) This issue was introduced by grpc#41563. That PR allowed `OnConnectCompleted` to proceed past a failed `Cancel(state->timer_handle())`, and the next line releases the timer callback. That is a problem because the timer callback can still run, though it won't actually do anything beyond see that the `OnConnectedCallback` ran and then release itself. The solution is to only release the timer callback if the timer was successfully cancelled, and otherwise count on the timer callback to clean itself up. `OnConnectCallback` doesn't interact with the timer after that point, so I'm fairly certain that this is the last problem of its kind here. <!-- If you know who should review your pull request, please assign it to that person, otherwise the pull request would get assigned randomly. If your pull request is for a specific language, please add the appropriate lang label. --> Closes grpc#42078 COPYBARA_INTEGRATE_REVIEW=grpc#42078 from murgatroid99:windows_event_engine_race_fix_2 ec74a2e PiperOrigin-RevId: 910905066
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This issue was introduced by #41563. That PR allowed
OnConnectCompletedto proceed past a failedCancel(state->timer_handle()), and the next line releases the timer callback. That is a problem because the timer callback can still run, though it won't actually do anything beyond see that theOnConnectedCallbackran and then release itself. The solution is to only release the timer callback if the timer was successfully cancelled, and otherwise count on the timer callback to clean itself up.OnConnectCallbackdoesn't interact with the timer after that point, so I'm fairly certain that this is the last problem of its kind here.