-
Notifications
You must be signed in to change notification settings - Fork 30.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
zlib upgrade broke known vectors #50138
Comments
cc: @Adenilson |
Why do you think 660f902 is involved in the issue? |
It was/is my limited understanding that the zlib output is deterministic. Whilst I can confirm the different versions can inflate/deflate each other this change in output is unexpected, to me at least. I can mark the jose test as not reproducible to have it not check equal outputs but the cookbook of these vectors does not mention the zlib deflate output to be variable. |
I also tested this. Let's wait a little to see if we can get some feedback from @Adenilson. |
Sounds good, i'll also wait on marking the test as non-deterministic in the jose test suite then. |
It's not. The only requirement is that it properly round-trips. I'll go ahead and close this. |
Fair enough. Thank you @bnoordhuis I'm left yearning more details though if you would find the time. |
That is correct (i.e. the requirement is that it round-trips and its compatible with other implementations). I will repost here a comment related to the subject that I made during the review of the first landed patch: Unfortunately, there are tests that compare compressed content in different ways. It seems to be a common behavior by client code to assume some sort of 'binary stability' when it comes to gzip compressed streams. There are no such guarantees even between releases of zlib and I've spent quite some time suggesting that people should compare decompressed content while writing tests. Basically if there are changes in the way that we perform matches (i.e. longest_match) or in the way we keep track of those in a hash table (i.e. by changing the hashing function), the compressed output will be different but still a valid GZIP stream that must be compatible with other implementations. As an experiment, try to compress a given file using canonical zlib (it uses a Rabin-Karp hash) and compare what other forks (e.g. Chromium zlib now uses ANZAC++, before we were using CRC-32) will produce and it should be different. But they must be compatible with each other (e.g. compress with one library, decompress with another and vice-versa) and the decompressed result must match with the original input. I hope that helps to clarify the subject and feel free to contact me if you run in any issues. |
For context, the test that triggered the revert of the original patch turned out to be flakey: |
The snapshots are compressed differently in Node.js 21. The compression has been stable for many versions but that is not a guarantee, see nodejs/node#50138 for background. Change tests to compare the decompressed data instead.
The snapshots are compressed differently in Node.js 21. The compression has been stable for many versions but that is not a guarantee, see nodejs/node#50138 for background. Change tests to compare the decompressed data instead.
The snapshots are compressed differently in Node.js 21. The compression has been stable for many versions but that is not a guarantee, see nodejs/node#50138 for background. Change tests to compare the decompressed data instead.
* Drop support for Node.js 16 * Change expected Node.js 18 to 18.18 * Change expected Node.js 20 to 20.8 * Add Node.js 21 to the test matrix * Change snapshot tests to compare decompressed bitstreams The snapshots are compressed differently in Node.js 21. The compression has been stable for many versions but that is not a guarantee, see nodejs/node#50138 for background. Change tests to compare the decompressed data instead.
See nodejs/citgm#1011
I suggest to revert the following commits and add unit tests for more known vectors to prevent breaking updates in the future.
cc @alfonsograziano @lpinca @aduh95
The text was updated successfully, but these errors were encountered: