net/http: panic "slice bounds out of range" while reading chunked response body #22330
Comments
|
A short investigation points to a data race between the |
|
Thank you for the report. Do you have a minimal reproduction that we can run? |
dsnet
added
the
NeedsInvestigation
|
@dsnet not yet, i'm still working on one but it's proving to be quite tricky to trigger. I'll update the ticket as soon as I have a reproduction. |
|
\cc @tombergan |
|
Can you say more about "REDACTED http handler", specifically, what the copy is copying? |
|
Does the error occur with 1.9? |
|
The handler is running a modified version of I'm only able to trigger the panic & data race in a production environment where running 1.9/tip is not an option. If I'm able to reproduce it locally I will be sure to test with go1.9 and tip. |
|
This program reproduces the data race: https://play.golang.org/p/QztsfgNHNr It looks like the data race is triggered by a 304 response that has a chunked encoded empty body. |
|
I'm not really following this thread (still on leave), but of note: a 304 response never has a body. https://tools.ietf.org/html/rfc7230#section-3.3.3 says:
If Go is processing a server saying:
It would stop after the first Any server sending such a response is buggy, but I agree that Go shouldn't have a data race when handling an invalid response, if that's indeed what's happening here. (I haven't looked.) |
|
Change https://golang.org/cl/71910 mentions this issue: |
|
@benburkert, I realize now you said the exact same thing. I had looked at your play.golang.org snippet, came back to comment, and never read your very next sentence. Sorry. |
|
@bradfitz no worries, thanks for digging up the relevant section of the RFC so quickly! |
A 1XX, 204, or 304 response may not include a response body according to RFC 7230, section 3.3.3. If a buggy server returns a 204 or 304 response with a body that is chunked encoded, the invalid body is currently made readable in the Response. This can lead to data races due to the transport connection's read loop which does not wait for the body EOF when the response status is 204 or 304. The correct behavior is to ignore the body on a 204 or 304 response, and treat the body data as the beginning of the next request on the connection. Updates #22330. Change-Id: I89a457ceb783b6f66136d5bf9be0a9b0a04fa955 Reviewed-on: https://go-review.googlesource.com/71910 Reviewed-by: Tom Bergan <tombergan@google.com> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> Run-TryBot: Tom Bergan <tombergan@google.com>
|
Is there anything else to fix here? |
|
Looks done. @benburkert, let me know if you had more in mind. |
Please answer these questions before submitting your issue. Thanks!
What version of Go are you using (
go version)?go version go1.8.3 linux/amd64
Does this issue reproduce with the latest release?
unknown
What operating system and processor architecture are you using (
go env)?What did you do?
A HTTP service proxies it's request to an upstream HTTP service. The upstream sends back a chunked encoded response.
What did you expect to see?
The service is expected to proxy the response from the upstream back to the downstream client.
What did you see instead?
The process sporadically panics with a
runtime error: slice bounds out of rangemessage in thebufio.(*Reader).ReadSlice.Running the service with the race detector enabled shows a data race between
net/http.(*body).readLocked()/bufio.(*Reader).ReadSlice()andnet/http.(*persistConn).readLoop()/bufio.(*Reader).Peek()that is likely related:The text was updated successfully, but these errors were encountered: