Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Intermittent panic in is_complete_fast #3811

Closed
jdm opened this issue Dec 16, 2024 · 2 comments · Fixed by #3812
Closed

Intermittent panic in is_complete_fast #3811

jdm opened this issue Dec 16, 2024 · 2 comments · Fixed by #3812
Assignees
Labels
A-http1 Area: HTTP/1 specific. C-bug Category: bug. Something is wrong. This is bad! E-easy Effort: easy. A task that would be a great starting point for a new contributor.

Comments

@jdm
Copy link

jdm commented Dec 16, 2024

Version
1.5.1

Platform
Darwin ghost.local 23.5.0 Darwin Kernel Version 23.5.0: Wed May 1 20:19:05 PDT 2024; root:xnu-10063.121.3~5/RELEASE_ARM64_T8112 arm64

Description
Hyper client can panic when processing broken up 1xx HTTP1 responses.

When a server responds with HTTP/1.1 100 Continue\r\nContent-Type: text/plain\r\nServer: BaseHTTP/0.6 Python/3.12.5\r\nDate: Mon, 16 Dec 2024 03:08:27 GMT\r\n\r\nThis is a sample text/plain document.\n\nThis is not an HTML document.\n\n, it's possible for hyper to first read HTTP/1.1 100 Continue\r\nContent-Type: text/plain\r\nServer: BaseHTTP/0.6 Python/3.12.5\r\nDate: Mon, 16 Dec 2024 03:08:27 GMT\r\n\r\n, followed by This is a sample text/plain document.\n\nThis is not an HTML document.\n\n.

This triggers a panic in the code introduced in #3764, since the prev_length value stored after the first response is longer than the length of the second response.

This has been hit independently by both deno and Servo upon upgrading to hyper 1.5.1, since there are web-platform-tests that exercise 1xx responses: https://github.com/web-platform-tests/wpt/blob/master/fetch/security/1xx-response.any.js

@jdm jdm added the C-bug Category: bug. Something is wrong. This is bad! label Dec 16, 2024
@seanmonstar seanmonstar self-assigned this Dec 16, 2024
@seanmonstar seanmonstar added E-easy Effort: easy. A task that would be a great starting point for a new contributor. A-http1 Area: HTTP/1 specific. labels Dec 16, 2024
@seanmonstar
Copy link
Member

Thanks for the sample code, I'll get this fixed today 🫡

@seanmonstar
Copy link
Member

Published in v1.5.2 (and v0.14.32). Thanks again!

GlenDC added a commit to plabayo/rama that referenced this issue Dec 27, 2024
Changelog:

### v1.5.2 (2024-12-16)

#### Bug Fixes

* **http1:**
  * fix intermitent panic parsing partial headers (#3812) ([a131111f](hyperium/hyper@a131111), closes [#3811](hyperium/hyper#3811))
  * skip debug assertion of content length for HEAD responses (#3795) ([eaf2267c](hyperium/hyper@eaf2267), closes [#3794](hyperium/hyper#3794))

Release url: <https://github.com/hyperium/hyper/releases/tag/v1.5.2>
Raw changelog: <hyperium/hyper@v1.5.1...v1.5.2>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
A-http1 Area: HTTP/1 specific. C-bug Category: bug. Something is wrong. This is bad! E-easy Effort: easy. A task that would be a great starting point for a new contributor.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants