Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix HPACK eviction iterator manipulation #8004

Merged
merged 1 commit into from
Jul 1, 2021
Merged

Fix HPACK eviction iterator manipulation #8004

merged 1 commit into from
Jul 1, 2021

Conversation

shinrich
Copy link
Member

Found this while investigating #7838. According to https://en.cppreference.com/w/cpp/container/deque/pop_back#:~:text=std%3A%3Adeque%3A%3Apop_back&text=Removes%20the%20last%20element%20of,the%2Dend%20iterator%20is%20invalidated. After pop_back is called "Iterators and references to the erased element are invalidated". In the current logic, the increment is called on the old iterator after pop_back is called.

I'm not 100% sure this is causing our crash. If most of the time only one item is evicted, this case won't happen very often and maybe most of the time you get lucky.

I will get this patched rolled into our build. Even if it does not fix the crash the new logic is safer and looks cleaner.

This closes #7838

@shinrich shinrich added this to the 10.0.0 milestone Jun 28, 2021
@shinrich shinrich self-assigned this Jun 28, 2021
@shinrich shinrich requested a review from masaori335 as a code owner June 28, 2021 15:40
@shinrich shinrich requested a review from maskit June 28, 2021 15:40
@shinrich
Copy link
Member Author

[approve ci freebsd]

@bryancall
Copy link
Contributor

@masaori335 will take a look

masaori335
masaori335 approved these changes Jul 1, 2021
View reviewed changes
Copy link
Contributor

@masaori335 masaori335 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks reasonable regardless of this fixes the crash or not.

@shinrich shinrich merged commit 363ad30 into apache:master Jul 1, 2021
zwoop pushed a commit that referenced this pull request Jul 20, 2021
@shinrich @zwoop
Fix HPACK eviction iterator manipulation (#8004)
b1a3ee4 
(cherry picked from commit 363ad30)
@zwoop
Copy link
Contributor

zwoop commented Jul 20, 2021

Cherry-picked to v9.1.x branch.

@zwoop zwoop modified the milestones: 10.0.0, 9.1.0 Jul 20, 2021
masaori335 pushed a commit to masaori335/trafficserver that referenced this pull request Aug 2, 2021
@zwoop
Merge remote-tracking branch 'asf/9.1.x' into 9.1.x
c802320 
* asf/9.1.x: (28 commits)
  Updated ChangeLog
  Make the rest of InkAPI allocators Proxy Allocated (apache#8106)
  Added missing milestones and updated slow log report script (apache#8168)
  Cleans up the code bit, including milliseconds consistency (apache#7989)
  Note YAML parser library bug, and work-around, in documentation. (apache#7963)
  Update INSTALL for URLs and version number (apache#8173)
  ESI plugin documentation updates. (apache#7970)
  Add a JSON schema for strategies.yaml (apache#7932)
  ensure hostname_offset is initialized to '0' to indicate null hostname (apache#8162)
  Fixed compile error with Linux AIO unit test (apache#7958)
  Enforce case for well known methods (apache#7886)
  Treat TRACE with body as bad request (apache#7905)
  Close connection after every bad request for HTTP/1.1 (apache#7885)
  use sendmsg and recvmsg (apache#7793)
  Apply log throttling to HTTP/2 session error rate messages (apache#7772)
  limit m_current_range to max value in RangeTransform (apache#4843)
  Fix HPACK eviction iterator manipulation (apache#8004)
  Replace fix assert in error event processing (apache#8058)
  Adds OCSP support for BoringSSL (apache#7298)
  .gitignore rules for gcov generated files (apache#8099)
  ...
moonchen pushed a commit to moonchen/trafficserver that referenced this pull request Mar 7, 2022
@zwoop
Merge remote-tracking branch 'asf/master'
c699598 
* asf/master: (763 commits)
  rate_limit: Add a global hook to rate limit concurrent connections based on SNI (apache#8021)
  Fix uri_signing unit test for out of source builds (apache#8040)
  tests: Add conditions for BoringSSL and OpenSSL (apache#8045)
  change debug tags and make sure sni is printed on certain logs (apache#7673)
  Doc build in CI: build English docs with -W (apache#8039)
  When loading async SSL configuration file fails, log SSL error (apache#8036)
  Doc build: treat warnings as errors only by default (apache#8038)
  For test async_engine, export all symbols (apache#8037)
  Fix the server cert reload (apache#8030)
  Treat Sphinx doc build warnings as errors. (apache#8033)
  Stablize trace curl test in good_request_after_bad (apache#8032)
  Doc: Update documentation to build cleanly in Sphinx 3. Require Sphinx 3 or better. (apache#7978)
  Docs: Fix pre-formatting for ratelimit plugin (apache#7986)
  Make it slightly harder to dump private keys to logs (apache#8029)
  tls_bad_alpn: Add an openssl version skip check (apache#8026)
  per thread jemalloc arena for MADV_DONTDUMP (apache#7501)
  Adds a new rm-destination, this lets you specify either QUERY or PATH, and be able to drop them from the incoming request (apache#8025)
  Fix HPACK eviction iterator manipulation (apache#8004)
  Do not invalidate cached resources upon error responses to unsafe methods (apache#7999)
  Cleanup SSLUtils (apache#8007)
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@masaori335 masaori335 masaori335 approved these changes

@duke8253 duke8253 duke8253 approved these changes

@maskit maskit Awaiting requested review from maskit

Assignees

@shinrich shinrich

Labels
Crash HTTP/2
Projects
None yet
Milestone
9.1.0
Development

Successfully merging this pull request may close these issues.

HPACK crash in 9.0.1
5 participants
@shinrich @bryancall @zwoop @masaori335 @duke8253