Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

server: handle non-EnvoyExceptions safely if thrown in constructor. #4173

Merged
merged 1 commit into from
Aug 16, 2018
Merged

server: handle non-EnvoyExceptions safely if thrown in constructor. #4173

merged 1 commit into from
Aug 16, 2018

Conversation

htuch
Copy link
Member

@htuch htuch commented Aug 15, 2018
edited
Loading

This came up while addressing oss-fuzz issue
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9335 in
#4171.

Without this PR, the server would shutdown non-gracefully, with TLS
posts still possible to deleted worker thread dispatchers, resulting
in heap-user-after-free. Protobuf was throwing a CHECK exception, which
was not picked up as EnvoyException.

Risk level: Low
Testing: Unit tests added, corpus entry is in
#4171.

Signed-off-by: Harvey Tuch [email protected]

@htuch
server: handle non-EnvoyExceptions safely if thrown in constructor.
b9053aa 
This came up while addressing oss-fuzz issue
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9335 in
envoyproxy#4171.

Without this PR, the server would shutdown non-gracefully, with TLS
posts still possible to deleted workerer thread dispatchers, resulting
in heap-user-after-free. Protobuf was throwing a CHECK exception, which
was not picked up as EnvoyException.

Risk level: Low
Testing: Unit tests added, corpus entry is in
envoyproxy#4171.

Signed-off-by: Harvey Tuch <[email protected]>
@htuch htuch requested a review from mattklein123 August 15, 2018 23:29
mattklein123
mattklein123 reviewed Aug 16, 2018
View reviewed changes
Copy link
Member

@mattklein123 mattklein123 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

With this change we will still end up not catching and exiting due to exception and/or dumping core, right? (This just keeps the asserts from being hit?)

@htuch
Copy link
Member Author

htuch commented Aug 16, 2018
edited
Loading

@mattklein123 we still propagate the error out, yeah, this just ensures we cleanup the partially constructed InstanceImpl before continuing the throw.

@htuch htuch merged commit 497efb9 into envoyproxy:master Aug 16, 2018
@htuch htuch deleted the unknown-exception-fix branch August 16, 2018 16:29
rshriram pushed a commit to rshriram/envoy that referenced this pull request Oct 30, 2018
@PiotrSikora @istio-testing
Update Envoy SHA to latest with MetricImpl optimizations. (envoyproxy…
c9d2230 
…#1938)

This is far from finished, but it reduces memory usage by ~10%.

Pulling the following changes from github.com/envoyproxy/envoy:

c1cc68d stats: refactoring MetricImpl without strings (envoyproxy#4190)
36809d8 fuzz: coverage profile generation instructions. (envoyproxy#4193)
ba40cc9 upstream: rebuild cluster when health check config is changed (envoyproxy#4075)
05c0d52 build: use clang-6.0. (envoyproxy#4168)
01f403e thrift_proxy: introduce header transport (envoyproxy#4082)
564d256 tcp: allow connection pool callers to store protocol state (envoyproxy#4131)
3e1d643 configs: match latest API changes (envoyproxy#4185)
bc6a10c Fix wrong mock function name. (envoyproxy#4187)
e994c1c Bump yaml-cpp so it builds with Visual Studio 15.8 (envoyproxy#4182)
3d1325e Converting envoy configs to V2 (envoyproxy#2957)
8d0680f Add timestamp to HealthCheckEvent definition (envoyproxy#4119)
497efb9 server: handle non-EnvoyExceptions safely if thrown in constructor. (envoyproxy#4173)
6d6fafd config: strengthen validation for gRPC config sources. (envoyproxy#4171)
132302c fuzz: reduce log level when running under fuzz engine. (envoyproxy#4161)
7c04ac2 test: fix V6EmptyOptions in coverage with IPv6 enable (envoyproxy#4155)
1b2219b ci: remove deprecated bazel --batch option (envoyproxy#4166)
2db6a4c ci: update clang to version 6.0 in the Ubuntu build image. (envoyproxy#4157)
71152b7 ratelimit: Add ratelimit custom response headers (envoyproxy#4015)
3062874 ssl: make Ssl::Connection const everywhere (envoyproxy#4179)
706e262 Handle validation of non expiring tokens in jwt_authn filter (envoyproxy#4007)
f06e958 fuzz: tag trivial fuzzers with no_fuzz. (envoyproxy#4156)
27fb1d3 thrift_proxy: add service name matching to router implementation (envoyproxy#4130)
8c189a5 Make over provisioning factor configurable (envoyproxy#4003)
6c08fb4 Making test less flaky (envoyproxy#4149)
592775b fuzz: bare bones HCM fuzzer. (envoyproxy#4118)

For istio/istio#7912.

Signed-off-by: Piotr Sikora <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mattklein123 mattklein123 mattklein123 approved these changes

Assignees

@mattklein123 mattklein123

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@htuch @mattklein123