Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HTTPCLIENT-2352: Improved flow control window handling to prevent overflow/underflow #510

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

HTTPCLIENT-2352: Improved flow control window handling to prevent overflow/underflow #510

wants to merge 1 commit into from
+91 −5

Conversation

arturobernalg
Copy link
Member

This PR addresses issues related to the flow control window management in the HTTP/2 implementation of Apache HttpClient. Specifically, it ensures that flow control window updates do not cause ArithmeticException due to overflow or underflow.

@arturobernalg
HTTPCLIENT-2352: Improved flow control window handling to prevent ove…
412615b 
…rflow/underflow

- Updated `updateWindow` method to cap the flow control window at `Integer.MAX_VALUE` and `Integer.MIN_VALUE`, avoiding `ArithmeticException` during updates.
- Modified `maximizeConnWindow` to account for the capped behavior, ensuring seamless operation within flow control limits.
@arturobernalg arturobernalg requested a review from ok2c December 20, 2024 21:19
garydgregory
garydgregory reviewed Dec 20, 2024
View reviewed changes
...re5-h2/src/test/java/org/apache/hc/core5/http2/impl/nio/TestAbstractH2StreamMultiplexer.java
// Test non-overflow scenario for both implementations
window = new AtomicInteger(1);
final int resultNewSafe = updateWindowNew(window, Integer.MAX_VALUE / 2 - 1);
System.out.println("New safe update result: " + resultNewSafe);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think we should write to the console.

@ok2c
Copy link
Member

ok2c commented Dec 21, 2024

@arturobernalg I am sorry but this is really not a good idea. We cannot just disable the data window overflow check and hope for the best. HTTP/2 endpoints can make mistakes in calculating their data windows. We need to detect those mistakes and report them as protocol violations

@arturobernalg
Copy link
Member Author

@arturobernalg I am sorry but this is really not a good idea. We cannot just disable the data window overflow check and hope for the best. HTTP/2 endpoints can make mistakes in calculating their data windows. We need to detect those mistakes and report them as protocol violations

@ok2c I see your point about not bypassing the overflow check. How about keeping the protocol violation handling by throwing an H2ConnectionException on overflow? This way, we still catch misbehaving endpoints without silently ignoring the issue.


    private int updateWindow(final AtomicInteger window, final int delta) throws H2ConnectionException {
        for (;;) {
            final int current = window.get();
            final long newValue = (long) current + delta;

            if (newValue > Integer.MAX_VALUE || newValue < Integer.MIN_VALUE) {
                throw new H2ConnectionException(H2Error.FLOW_CONTROL_ERROR,
                        "Flow control window exceeded: " + newValue);
            }

            if (window.compareAndSet(current, (int) newValue)) {
                return (int) newValue;
            }
        }
    }

@ok2c
Copy link
Member

ok2c commented Dec 21, 2024 

        if (newValue > Integer.MAX_VALUE || newValue < Integer.MIN_VALUE) {
            throw new H2ConnectionException(H2Error.FLOW_CONTROL_ERROR,
                    "Flow control window exceeded: " + newValue);
        }

@arturobernalg This is hardly any different to what we have now, slightly more readable and slightly less efficient.

I would like to see protocol logs with the exception and ideally a reproducer before any changes are made.

@arturobernalg
Copy link
Member Author 

        if (newValue > Integer.MAX_VALUE || newValue < Integer.MIN_VALUE) {
            throw new H2ConnectionException(H2Error.FLOW_CONTROL_ERROR,
                    "Flow control window exceeded: " + newValue);
        }

@arturobernalg This is hardly any different to what we have now, slightly more readable and slightly less efficient.

I would like to see protocol logs with the exception and ideally a reproducer before any changes are made.

Fair enough @ok2c

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@garydgregory garydgregory garydgregory left review comments

@ok2c ok2c Awaiting requested review from ok2c

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@arturobernalg @ok2c @garydgregory