Skip null data (fix NRE) in output data received handler

[iSazonov]

PR Summary

Add null check in OnOutputDataReceived() method.

PR Context

Fix #11445. The NRE comes from #11380.

PR Checklist

• PR has a meaningful title
  • Use the present tense and imperative mood when describing your changes
• Summarized changes
• Make sure all .h, .cpp, .cs, .ps1 and .psm1 files have the correct copyright header
• This PR is ready to merge and is not Work in Progress.
  • If the PR is work in progress, please add the prefix WIP: or [ WIP ] to the beginning of the title (the WIP bot will keep its status check at Pending while the prefix is present) and remove the prefix when the PR is ready.
• Breaking changes
  • None
  • OR
  • Experimental feature(s) needed
    • Experimental feature name(s):
• User-facing changes
  • Not Applicable
  • OR
  • Documentation needed
    • Issue filed:
• Testing - New and feature
  • N/A or can only be tested interactively
  • OR
  • Make sure you've added a new test if existing tests do not effectively test the code changed
• Tooling
  • I have considered the user experience from a tooling perspective and don't believe tooling will be impacted.
  • OR
  • I have considered the user experience from a tooling perspective and enumerated concerns in the summary. This may include:
    • Impact on PowerShell Editor Services which is used in the PowerShell extension for VSCode (which runs in a different PS Host).
    • Impact on Completions (both in the console and in editors) - one of PowerShell's most powerful features.
    • Impact on PSScriptAnalyzer (which provides linting & formatting in the editor extensions).
    • Impact on EditorSyntax (which provides syntax highlighting with in VSCode, GitHub, and many other editors).

[PaulHigin]

Please remove this code, and add this null check to line 749 above.

[iSazonov]

What should GetMessageGuid() return in the case? Guid.Empty?

[PaulHigin]

Yes. Ensuing data processing will check for null or bad packets and do the appropriate thing. Thanks!

[PaulHigin]

LGTM

[iSazonov]

@PaulHigin Make sense to optimize GetMessageGuid() method? Is it on hot path? I could exclude allocations (we don't use parsed GUID) and try-catch.

[PaulHigin]

@iSazonov
My first thought was to let later packet processing check for null/empty packet string. But that is an invalid PSRP packet and nothing can be done with it. So now I am thinking we should do the null/empty check at protected void HandleOutputDataReceived() and simply return if string is null or empty.

I don't believe there will be any noticeable perf impact, but it feels cleaner.

To summarize, I think we should move the null check from line 749 to line 773.

Do you agree?

[iSazonov]

invalid PSRP packet

If we silently drop the packet it seems we hide a bug. If I undenstand right the packet is created on server before the send code - and if we created a broken package this looks like a bug.
Although the original design allow this. Actually, it worked like that before #11380 - we sent such a empty package. The PR brings back this behavior. This is the best minimal change.
If we do not want to send empty packets, then we should rather eliminate the reason for their appearance. This is much harder to do. I don’t really know where this is going. If this is not critical, then perhaps we could stop on the current fix.

[iSazonov]

I added an optimization commit to avoid extra allocations. If you don't like it I will revert.

[PaulHigin]

@iSazonov
Packet processing already detects malformed packets and emits a proper error. But a null/empty data string indicates a problem in the transport, e.g., named pipe emitting a null packet because it closed or some reason. In this case the code simply ignores the packet and is the correct thing to do. I feel this check and return should be done in HandleOutputDataReceived() as I mentioned above.

[PaulHigin]

Please add try/catch. This method should not throw.

[iSazonov]

With the new implementation the method can not throw. But I added explicit try-catch to avoid a regression if anybody change the method.

[PaulHigin]

Both Slice() and IndexOf() methods can throw.

[iSazonov]

It seems ReadOnlySpan.IndexOf() never throw. Slice() could be but IndexOf() before it protects from this.
In any case I already added try-catch to exclude a regression in future..

[PaulHigin]

Please move string null/empty check to here.

[iSazonov]

I added the explicit check.

[PaulHigin]

Using Span.Slice() is a good optimization. But this code is actually incorrect as is. All PSRP packets contain a Guid. But a session message guid is always an empty guid (which is why the original code compares to an empty Guid). A non-empty guid means the PSRP packet is a command message. This method is used to route the message to the appropriate processing thread. To fix this, please make the following changes;

private bool IsCommandMessage(ReadOnlySpan<char> data)
{
    try
    {
        // Perform quick scan for data packet GUID.
        var iTag = data.Index(GUIDTAG, StringComparison.OrdinalIgnoreCase);
        if (iTag > -1)
        {
            // An empty GUID value means this is a session message, otherwise it is a command message.
            var psGuidString = data.Slice(iTag + GUIDTag.Length, GUID_STR_LEN);
            if (Guid.TryParse(psGuidString out Guid psGuid))
            {
                return !Guid.Equals(psGuid, Guid.Empty);
            }
        }
    }
    catch
    {
        // The method should never throw.
    }

    // Missing Guid means an invalid packet.  Continue processing as session message.
    return false;
}

[iSazonov]

Ah, I did know. Thanks!

Do we know that the package integrity already was checked and GUID always present? If yes we could only search the const without parsing:

Suggested change

	return Guid.TryParse(psGuidString, out _);
	private const string GUIDTAG = "PSGuid=00000000-0000-0000-0000-000000000000'";

[PaulHigin]

Yes, good point. We can simply search for an empty PSGuid element. All valid packets will have a PSGuid element, and if invalid we just treat as a session message.

[iSazonov]

Done.

[PaulHigin]

I think we can make it even simpler. I now agree that the method won't throw so we can remove the try/catch. Also empty Guid equates to session message so we should name the method correctly. I was thinking:

private const string SESSIONGUID = "PSGuid='00000000-0000-0000-0000-000000000000'";
private bool IsSessionMessage(string data)
{
    // Perform quick scan for an empty GUID element, which identifies a session message.
    return data.IndexOf(SESSIONGUID, StringComparison.OrdinalIgnoreCase) > -1;
}

[PaulHigin]

Since this is only used for routing, any invalid packet can be routed to command thread ... it really shouldn't matter.

[iSazonov]

Done.

[PaulHigin]

Please change to use new IsCommandMessage().

[iSazonov]

Done.

[PaulHigin]

Please remove this comment.
I mean please just remove this comment:
// Session messages have empty Guid values.
because it seems unnecessary now.

[iSazonov]

Done.

[PaulHigin]

Minor comment. The null check does not need to be within the try/catch.

[iSazonov]

Done.

[PaulHigin]

LGTM

[PaulHigin]

Just curious if we still need to pass as Span type. We can just scan a normal string type, but I am not sure if it really makes a difference.

[iSazonov]

:-) Yes, but we again would care about null to exclude a regression in future.

[daxian-dbw]

I think if you worry that a null value may be passed to this method, the intent is more clear by having a null check here:

private bool IsSessionMessage(string data)
{
    if (data == null) { return false; }
    return data.IndexOf(SESSIONDMESSAGETAG, StringComparison.OrdinalIgnoreCase) > -1;
}

Or, maybe this method should just be directly inlined in HandleOutputDataReceived given it's just one line of code and not used anywhere else.

[PaulHigin]

I prefer having the private method since it makes clear what the purpose is. Null check is not needed.

[iSazonov]

Inlined the method.

[iSazonov]

Oops, @PaulHigin sorry I did not see your comment. Perhaps SESSIONDMESSAGETAG well says that the purpose is and inlining is goog? Thoughts?

[daxian-dbw]

@PaulHigin Would it be OK to add a comment to the inlined code to make the purpose clear?
I don't mind having it a separate private method, just thought using string data should be sufficient.

[PaulHigin]

I assumed the compiler would inline but I am fine either way. These are minor issues and overall I am happy with the changes.

[iSazonov]

@PaulHigin Thanks for help!

[PaulHigin]

@iSazonov Thanks for fixing this!

[ghost]

🎉v7.0.0-rc.2 has been released which incorporates this pull request.:tada:

Handy links:

• Release Notes