Switch instanceName used in FindCommissionableNode (backport #71877) #72374

Open
mergify[bot] wants to merge 1 commit into v1.5-branch from mergify/bp/v1.5-branch/pr-71877

@mergify mergify Bot commented Jun 3, 2026

Summary

Changes Made

This PR updates UserDirectedCommissioningServer::HandleNewUDC so that the registered InstanceNameResolver is given a pointer to the UDCClientState's instanceName instead of the IdentificationDeclaration's instanceName. The UDCClientState's instance name is owned and persists long enough to prevent the flake from occurring.

UDCClientState::GetInstanceName returns a const char *, so we also update FindCommissionableNode to use const as well. This doesn't affect any callsites in the repo, but the change did need to be propagated across InstanceNameResolver subclasses.

Background

JFADMIN 2.2 seems to require User-Directed Commissioning because each controller needs to initiate commissioning to get onto the corresponding administrator's fabric.

ASan reports a stack-use-after-return when doing a string compare on the following line inside ActiveResolveAttempts::MarkPending:

if (entryToUse->attempt.Matches(attempt))

This code runs as part of UserDirectedCommissioningServer::OnMessageReceived. It seems like an entry in ActiveResolveAttempts' mRetryQueue has a dangling pointer to the instanceName of an IdentificationDeclaration from an earlier OnMessageReceived. The variable is stack-allocated here:

This is a rare flake because the UDC Server must receive a retransmission of the commissionee's identity declaration BEFORE mDNS completes and clears the RetryQueue. Retransmission occurs after 500 or more milliseconds, which is usually plenty of time for mDNS outside of CI.

Outside of ASan, this is probably a silent error because the string comparison just fails and a duplicate entry is added to the retry queue.

Here is a minimal test case showing the failure. If you add this to TestActiveResolveAttempts.cpp, compile with is_asan=true chip_mdns="minimal", and run the test, it will crash.

TEST(TestActiveResolveAttempts, TestInstanceNameFilterNoDanglingPointer)
{
    System::Clock::Internal::MockClock mockClock;
    mdns::Minimal::ActiveResolveAttempts attempts(&mockClock);

    // This test passes under ASan if these curly braces are removed, since instanceName will remain in scope for the second MarkPending.
    {
        char instanceName[] = "ABCDEF1234567890"; // 16 chars + NUL <= kInstanceNameMaxLength
        Dnssd::DiscoveryFilter filter(Dnssd::DiscoveryFilterType::kInstanceName, instanceName);
        attempts.MarkPending(filter, Dnssd::DiscoveryType::kCommissionableNode);
    }

    char instanceName2[] = "1234567890ABCDEF";
    Dnssd::DiscoveryFilter filter2(Dnssd::DiscoveryFilterType::kInstanceName, instanceName2);
    attempts.MarkPending(filter2, Dnssd::DiscoveryType::kCommissionableNode);
}

Disclaimer: I used AI to help troubleshoot and write the test, but everything written here is my own words from my own manual investigation of the failure/relevant code.

Related issues

#71404
^ Can't say with confidence this will be fixed, so I won't mark it to automatically close.

Testing

Ran TestUdcMessages and JFADMIN 2.2, both passed.

Readability checklist

The checklist below will help the reviewer finish PR review in time and keep the
code readable:

  • PR title is descriptive
  • Apply the “When in Rome…” rule (coding style)
  • PR size is short
  • Try to avoid "squashing" and "force-update" in commit history
  • CI time didn't increase

See: Pull Request Guidelines


This is an automatic backport of pull request #71877 done by [Mergify](https://mergify.com).

* Switch instanceName used in FindCommissionableNode

* Initialize mInstanceName

(cherry picked from commit c71fb1f)
@mergify mergify Bot added the backport-v1.5-branch Backport PR targeting v1.5-branch, created by Mergify label Jun 3, 2026
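
The lifetime problem described in the PR above, as an added C++ sketch that is not code from the pull request or the Matter SDK: a pending-resolve queue that borrows the caller's name pointer is compared with one that copies the name into storage it owns. `BorrowedQueue`, `OwnedQueue`, `kNameMax` and the sample names are hypothetical, and overwriting a still-live buffer stands in for the expired stack frame so the program stays within defined behaviour.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>
#include <vector>
constexpr size_t kNameMax = 16; // constructed limit for this sketch
// Hypothetical type (not an SDK class): keeps only the caller's pointer.
class BorrowedQueue {
public:
    void MarkPending(const char * name) {
        for (const char * pending : mNames)
            if (std::strcmp(pending, name) == 0) return; // already queued
        mNames.push_back(name);
    }
    size_t Size() const { return mNames.size(); }
private:
    std::vector<const char *> mNames;
};

// Hypothetical type (not an SDK class): copies the name into its own storage.
class OwnedQueue {
public:
    void MarkPending(const char * name) {
        if (std::strlen(name) > kNameMax) return; // refuse names that do not fit
        for (const Entry & e : mEntries)
            if (std::strcmp(e.name, name) == 0) return; // already queued
        Entry e{};
        std::strcpy(e.name, name);
        mEntries.push_back(e);
    }
    size_t Size() const { return mEntries.size(); }
private:
    struct Entry { char name[kNameMax + 1]; };
    std::vector<Entry> mEntries;
};

// Queue a name, let the caller's buffer be reused, then replay the same name.
template <typename Queue> size_t EntriesAfterRetransmission() {
    Queue queue;
    char first[kNameMax + 1] = "ABCDEF1234567890"; // constructed sample name
    queue.MarkPending(first);
    std::strcpy(first, "################"); // stands in for the reused stack frame
    char retransmit[kNameMax + 1] = "ABCDEF1234567890";
    queue.MarkPending(retransmit);
    return queue.Size();
}

int main() {
    std::printf("borrowed=%zu owned=%zu\n", EntriesAfterRetransmission<BorrowedQueue>(), EntriesAfterRetransmission<OwnedQueue>());
}
```

The borrowed queue ends up with a duplicate entry for the retransmitted name, which is the silent symptom the description mentions for builds without ASan; the owning queue recognises the retransmission.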

github-actions Bot commented Jun 3, 2026

PR #72374: Size comparison from 44aaaba to 62bf8f5

Full report (35 builds for bl602, bl702, bl702l, cc13x4_26x4, cc32xx, efr32, esp32, nrfconnect, nxp, psoc6, qpg, realtek, stm32, telink)

| platform | target | config | section | 44aaaba | 62bf8f5 | change | % change |
|---|---|---|---|---|---|---|---|
| bl602 | lighting-app | bl602+mfd+littlefs+rpc | FLASH | 1105954 | 1105954 | 0 | 0.0 |
| | | | RAM | 178938 | 178938 | 0 | 0.0 |
| bl702 | lighting-app | bl702+eth | FLASH | 661028 | 661028 | 0 | 0.0 |
| | | | RAM | 135025 | 135025 | 0 | 0.0 |
| | | bl702+wifi | FLASH | 836622 | 836622 | 0 | 0.0 |
| | | | RAM | 124461 | 124461 | 0 | 0.0 |
| | | bl706+mfd+rpc+littlefs | FLASH | 1070278 | 1070278 | 0 | 0.0 |
| | | | RAM | 117333 | 117333 | 0 | 0.0 |
| bl702l | contact-sensor-app | bl702l+mfd+littlefs | FLASH | 899112 | 899112 | 0 | 0.0 |
| | | | RAM | 105612 | 105612 | 0 | 0.0 |
| | lighting-app | bl702l+mfd+littlefs | FLASH | 983024 | 983024 | 0 | 0.0 |
| | | | RAM | 109812 | 109812 | 0 | 0.0 |
| cc13x4_26x4 | lighting-app | LP_EM_CC1354P10_6 | FLASH | 770516 | 770516 | 0 | 0.0 |
| | | | RAM | 103368 | 103368 | 0 | 0.0 |
| | lock-ftd | LP_EM_CC1354P10_6 | FLASH | 782384 | 782384 | 0 | 0.0 |
| | | | RAM | 108544 | 108544 | 0 | 0.0 |
| | pump-app | LP_EM_CC1354P10_6 | FLASH | 728296 | 728296 | 0 | 0.0 |
| | | | RAM | 97428 | 97428 | 0 | 0.0 |
| | pump-controller-app | LP_EM_CC1354P10_6 | FLASH | 712772 | 712772 | 0 | 0.0 |
| | | | RAM | 97644 | 97644 | 0 | 0.0 |
| cc32xx | air-purifier | CC3235SF_LAUNCHXL | FLASH | 554874 | 554874 | 0 | 0.0 |
| | | | RAM | 205808 | 205808 | 0 | 0.0 |
| | lock | CC3235SF_LAUNCHXL | FLASH | 587762 | 587762 | 0 | 0.0 |
| | | | RAM | 205912 | 205912 | 0 | 0.0 |
| efr32 | lock-app | BRD4187C | FLASH | 963200 | 963192 | -8 | -0.0 |
| | | | RAM | 123604 | 123604 | 0 | 0.0 |
| | window-app | BRD4187C | FLASH | 1058020 | 1058012 | -8 | -0.0 |
| | | | RAM | 119832 | 119832 | 0 | 0.0 |
| | lock-app | BRD4338a | FLASH | 757000 | 756992 | -8 | -0.0 |
| | | | RAM | 254204 | 254204 | 0 | 0.0 |
| esp32 | all-clusters-app | c3devkit | DRAM | 97788 | 97788 | 0 | 0.0 |
| | | | FLASH | 1579530 | 1579530 | 0 | 0.0 |
| | | | IRAM | 93514 | 93514 | 0 | 0.0 |
| nrfconnect | all-clusters-app | nrf52840dk_nrf52840 | FLASH | 929172 | 929172 | 0 | 0.0 |
| | | | RAM | 161458 | 161458 | 0 | 0.0 |
| nxp | contact | mcxw71+release | FLASH | 740688 | 740688 | 0 | 0.0 |
| | | | RAM | 66952 | 66952 | 0 | 0.0 |
| psoc6 | all-clusters | cy8ckit_062s2_43012 | FLASH | 1688340 | 1688340 | 0 | 0.0 |
| | | | RAM | 214060 | 214060 | 0 | 0.0 |
| | all-clusters-minimal | cy8ckit_062s2_43012 | FLASH | 1593164 | 1593164 | 0 | 0.0 |
| | | | RAM | 211188 | 211188 | 0 | 0.0 |
| | light | cy8ckit_062s2_43012 | FLASH | 1460468 | 1460468 | 0 | 0.0 |
| | | | RAM | 197808 | 197808 | 0 | 0.0 |
| | lock | cy8ckit_062s2_43012 | FLASH | 1493188 | 1493188 | 0 | 0.0 |
| | | | RAM | 225528 | 225528 | 0 | 0.0 |
| qpg | lighting-app | qpg6200+debug | FLASH | 836720 | 836720 | 0 | 0.0 |
| | | | RAM | 127776 | 127776 | 0 | 0.0 |
| | lock-app | qpg6200+debug | FLASH | 774380 | 774380 | 0 | 0.0 |
| | | | RAM | 118744 | 118744 | 0 | 0.0 |
| realtek | light-switch-app | rtl8777g | FLASH | 706136 | 706136 | 0 | 0.0 |
| | | | RAM | 106980 | 106980 | 0 | 0.0 |
| | lighting-app | rtl8777g | FLASH | 757024 | 757024 | 0 | 0.0 |
| | | | RAM | 127304 | 127304 | 0 | 0.0 |
| stm32 | light | STM32WB5MM-DK | FLASH | 469896 | 469896 | 0 | 0.0 |
| | | | RAM | 141360 | 141360 | 0 | 0.0 |
| telink | light-app-ota-compress-lzma-shell-factory-data | tl3218x | FLASH | 797072 | 797072 | 0 | 0.0 |
| | | | RAM | 41032 | 41032 | 0 | 0.0 |
| | light-switch-app-ota-factory-data | tl3218x_retention | FLASH | 725502 | 725502 | 0 | 0.0 |
| | | | RAM | 34636 | 34636 | 0 | 0.0 |
| | bridge-app | tl7218x | FLASH | 710580 | 710580 | 0 | 0.0 |
| | | | RAM | 90608 | 90608 | 0 | 0.0 |
| | light-app-ota-shell-factory-data | tl7218x | FLASH | 788274 | 788274 | 0 | 0.0 |
| | | | RAM | 93708 | 93708 | 0 | 0.0 |
| | light-switch-app-ota-compress-lzma-factory-data | tl7218x_retention | FLASH | 715356 | 715356 | 0 | 0.0 |
| | | | RAM | 51904 | 51904 | 0 | 0.0 |
| | lighting-app-ota-factory-data | tlsr9118bdk40d | FLASH | 602602 | 602602 | 0 | 0.0 |
| | | | RAM | 108680 | 108680 | 0 | 0.0 |
| | lighting-app-ota-rpc-factory-data-4mb | tlsr9518adk80d | FLASH | 820910 | 820910 | 0 | 0.0 |
| | | | RAM | 92104 | 92104 | 0 | 0.0 |
| | light-switch-app-ota-compress-lzma-shell-factory-data | tlsr9528a | FLASH | 748652 | 748652 | 0 | 0.0 |
| | | | RAM | 70944 | 70944 | 0 | 0.0 |
