Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[release/8.0-staging] Fix AV in HttpTelemetry.WriteEvent #99607

Merged
merged 2 commits into from
Mar 21, 2024
Merged

[release/8.0-staging] Fix AV in HttpTelemetry.WriteEvent #99607

merged 2 commits into from
Mar 21, 2024

Conversation

github-actions[bot]
Copy link
Contributor

@github-actions github-actions bot commented Mar 12, 2024
edited by MihaZupan
Loading

Backport of #99606 to release/8.0-staging
Fixes #99603

/cc @MihaZupan

Customer Impact

Reported by customer in #99603 and microsoft/reverse-proxy#2374.

When an app has telemetry turned on, it can lead to random crashes or random data being put into telemetry.
The crashes can happen multiple times a day even at very low loads (4 requests per second) - see customer report microsoft/reverse-proxy#2374.

HttpClient is passing pointers to unpinned string data to EventSource methods.
If a garbage collection occurs before EventSource can make a copy, we may read the wrong data or crash the process due to an access violation.

Regression

Yes - introduced in 8.0 preview 7 in PR #88853.

Testing

Verified on consistent repro (using artificially increased delay before the call to EventSource).

Risk

Very low.
The change is trivially verifiable via code review - moving a call 2 lines up so that it is inside the fixed scope instead of just after it.

@KalleOlaviNiemitalo
Copy link

This backport PR does not include the declaration move a4bbec7 from #99606. Is that by design?

@build-analysis build-analysis bot mentioned this pull request Mar 12, 2024
Closed
@MihaZupan
Copy link
Member

The backport PR was simply created before that change was made. It's functionally the same either way though

@MihaZupan MihaZupan added this to the 8.0.x milestone Mar 12, 2024
@karelz
Copy link
Member

karelz commented Mar 13, 2024

Clear customer impact, regression in 8.0 -- we should service it.

@karelz karelz added the Servicing-consider Issue for next servicing release review label Mar 13, 2024
@rbhanda rbhanda modified the milestones: 8.0.x, 8.0.5 Mar 14, 2024
@rbhanda rbhanda added Servicing-approved Approved for servicing release and removed Servicing-consider Issue for next servicing release review labels Mar 14, 2024
@MihaZupan MihaZupan merged commit 99c7022 into release/8.0-staging Mar 21, 2024
109 of 115 checks passed
@MihaZupan MihaZupan mentioned this pull request Mar 21, 2024
Closed
@jkotas jkotas deleted the backport/pr-99606-to-release/8.0-staging branch March 31, 2024 15:29
@pieter-venter
Copy link

@karelz It looks like yesterday's release was 8.0.4, which does not include this fix.
This issue is affecting us in production. Any guidance on when we can expect an official 8.0.5 or newer? Would be great if it could be fast tracked.

@github-actions github-actions bot locked and limited conversation to collaborators May 12, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@karelz karelz karelz approved these changes

@stephentoub stephentoub stephentoub approved these changes

Assignees
No one assigned
Labels
area-System.Net.Http Servicing-approved Approved for servicing release
Projects
None yet
Milestone
8.0.5
Development

Successfully merging this pull request may close these issues.
6 participants
@KalleOlaviNiemitalo @MihaZupan @karelz @pieter-venter @stephentoub @rbhanda