Skip to content

HTTPCLIENT-2352: Improved flow control window handling to prevent overflow/underflow#510

Closed
arturobernalg wants to merge 1 commit intoapache:masterfrom
arturobernalg:HTTPCLIENT-2352
Closed

HTTPCLIENT-2352: Improved flow control window handling to prevent overflow/underflow#510
arturobernalg wants to merge 1 commit intoapache:masterfrom
arturobernalg:HTTPCLIENT-2352

Conversation

@arturobernalg
Copy link
Member

@arturobernalg arturobernalg commented Dec 20, 2024

This PR addresses issues related to the flow control window management in the HTTP/2 implementation of Apache HttpClient. Specifically, it ensures that flow control window updates do not cause ArithmeticException due to overflow or underflow.

@arturobernalg
HTTPCLIENT-2352: Improved flow control window handling to prevent ove…
412615b 
…rflow/underflow

- Updated `updateWindow` method to cap the flow control window at `Integer.MAX_VALUE` and `Integer.MIN_VALUE`, avoiding `ArithmeticException` during updates.
- Modified `maximizeConnWindow` to account for the capped behavior, ensuring seamless operation within flow control limits.
@arturobernalg arturobernalg requested a review from ok2c December 20, 2024 21:19
garydgregory
garydgregory reviewed Dec 20, 2024
View reviewed changes
...re5-h2/src/test/java/org/apache/hc/core5/http2/impl/nio/TestAbstractH2StreamMultiplexer.java
// Test non-overflow scenario for both implementations
window = new AtomicInteger(1);
final int resultNewSafe = updateWindowNew(window, Integer.MAX_VALUE / 2 - 1);
System.out.println("New safe update result: " + resultNewSafe);
Copy link
Member

@garydgregory garydgregory Dec 20, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think we should write to the console.

@ok2c
Copy link
Member

ok2c commented Dec 21, 2024

@arturobernalg I am sorry but this is really not a good idea. We cannot just disable the data window overflow check and hope for the best. HTTP/2 endpoints can make mistakes in calculating their data windows. We need to detect those mistakes and report them as protocol violations

@arturobernalg
Copy link
Member Author

arturobernalg commented Dec 21, 2024

@arturobernalg I am sorry but this is really not a good idea. We cannot just disable the data window overflow check and hope for the best. HTTP/2 endpoints can make mistakes in calculating their data windows. We need to detect those mistakes and report them as protocol violations

@ok2c I see your point about not bypassing the overflow check. How about keeping the protocol violation handling by throwing an H2ConnectionException on overflow? This way, we still catch misbehaving endpoints without silently ignoring the issue.


    private int updateWindow(final AtomicInteger window, final int delta) throws H2ConnectionException {
        for (;;) {
            final int current = window.get();
            final long newValue = (long) current + delta;

            if (newValue > Integer.MAX_VALUE || newValue < Integer.MIN_VALUE) {
                throw new H2ConnectionException(H2Error.FLOW_CONTROL_ERROR,
                        "Flow control window exceeded: " + newValue);
            }

            if (window.compareAndSet(current, (int) newValue)) {
                return (int) newValue;
            }
        }
    }

@ok2c
Copy link
Member

ok2c commented Dec 21, 2024 

        if (newValue > Integer.MAX_VALUE || newValue < Integer.MIN_VALUE) {
            throw new H2ConnectionException(H2Error.FLOW_CONTROL_ERROR,
                    "Flow control window exceeded: " + newValue);
        }

@arturobernalg This is hardly any different to what we have now, slightly more readable and slightly less efficient.

I would like to see protocol logs with the exception and ideally a reproducer before any changes are made.

@arturobernalg
Copy link
Member Author

arturobernalg commented Dec 21, 2024 

        if (newValue > Integer.MAX_VALUE || newValue < Integer.MIN_VALUE) {
            throw new H2ConnectionException(H2Error.FLOW_CONTROL_ERROR,
                    "Flow control window exceeded: " + newValue);
        }

@arturobernalg This is hardly any different to what we have now, slightly more readable and slightly less efficient.

I would like to see protocol logs with the exception and ideally a reproducer before any changes are made.

Fair enough @ok2c

@ok2c
Copy link
Member

ok2c commented Jan 3, 2025

Superseded by #511

@ok2c ok2c closed this Jan 3, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@garydgregory garydgregory garydgregory left review comments

@ok2c ok2c Awaiting requested review from ok2c

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@arturobernalg @ok2c @garydgregory