From 0498194240f55d7f4b12633ad01339fb690621bf Mon Sep 17 00:00:00 2001
From: Alisha Nanda <alishananda@google.com>
Date: Thu, 12 Dec 2024 16:48:47 -0800
Subject: [PATCH] Fix lifetime issue with EventEngine endpoint wrapper. Before,
 we would delete the wrapper in `grpc_take_wrapped_event_engine_endpoint`,
 which could destroy the wrapper before the refs became zero and lead to
 use-after-free / illegal instruction / segfault errors if callbacks return
 after the wrapper is destroyed. Now, we unref the wrapper instead of
 explicitly deleting it.

PiperOrigin-RevId: 705673089
---
 src/core/lib/iomgr/event_engine_shims/endpoint.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/core/lib/iomgr/event_engine_shims/endpoint.cc b/src/core/lib/iomgr/event_engine_shims/endpoint.cc
index 5fec956179ec5..c368db6fa0f3e 100644
--- a/src/core/lib/iomgr/event_engine_shims/endpoint.cc
+++ b/src/core/lib/iomgr/event_engine_shims/endpoint.cc
@@ -443,7 +443,7 @@ std::unique_ptr<EventEngine::Endpoint> grpc_take_wrapped_event_engine_endpoint(
       reinterpret_cast<EventEngineEndpointWrapper::grpc_event_engine_endpoint*>(
           ep);
   auto endpoint = eeep->wrapper->ReleaseEndpoint();
-  delete eeep->wrapper;
+  eeep->wrapper->Unref();
   return endpoint;
 }