[grpc] Address CVE-2024-11407

[larryluogit]

This fix ensures that the iov_base pointers point to the right address.

PiperOrigin-RevId: 673923651

@karthikravis

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[larryluogit]

@thevar1able
This PR cherry pick the fix for CVE-2024-11407

[larryluogit]

@thevar1able @Algunenano
This is a case where a submodule points to a ClickHouse fork.
I'm currently updating the ClickHouse fork to address some CVEs. My process is:

1. Submit a PR to the ClickHouse fork first
2. Once that PR is merged, submit another PR to the main ClickHouse branch to update the submodule reference

I'm concerned this might not be the correct approach. Could you please confirm the proper steps for addressing CVEs in ClickHouse submodule forks? TIA

[rschu1ze]

No worries, this is exactly the right approach.

But before pushing anything, please check the merged and open PRs to avoid duplicate work ... there have been various CVE fixes from our side already:

• Bump openssl to 3.2.4 ClickHouse#81438
• Bump postgres to 16.9 ClickHouse#81437
• Bump abseil-cpp to 2025-01-27 ClickHouse#81440
• Bump libxml2 to 2.14.3 ClickHouse#81187
• Bump mongo-c-driver to 1.30.4 ClickHouse#81449
• Bump krb5 to 1.21.3-final ClickHouse#81453
• Bump orc to 2.1.2 ClickHouse#81455
• Bump c-ares to 1.34.5 ClickHouse#81159