net/http, x/net/http2: page fails to load with http2 server push due to underflow #63511
Comments
|
I've looked at the code and in case the stream has been reset before See: 24ae2d9#diff-3ed0cda0a3f5adc3e3db797faf92c20e94be976c09023410295d04d9ae946d98R6151 |
seankhliao
added
the
NeedsInvestigation
|
cc @neild |
|
Looks like there is an underflow in |
|
@gopherbot, please backport to Go 1.21.4 |
|
Backport issue(s) opened: #63560 (for 1.21). Remember to create the cherry-pick CL(s) as soon as the patch is submitted to master, according to https://go.dev/wiki/MinorReleases. |
|
@gopherbot, please backport to Go 1.20.11 |
After CL534295 was merged to fix a CVE it introduced an underflow when we try to decrement sc.curHandlers. There is one place that calls runHandler without incrementing curHandlers. Fixes golang#63511
|
Change https://go.dev/cl/535575 mentions this issue: |
|
@MagicalTux Could you please update the issue title to include x/net/http2 alongside net/http? Thanks |
After CL 534215 was merged to fix a CVE it introduced an underflow when we try to decrement sc.curHandlers in handlerDone. There is one place that calls runHandler without incrementing curHandlers. Seems to only affect http.Pusher. For golang/go#63511
|
@gopherbot add NeedsFix, release-blocker |
gopherbot
added
NeedsFix
|
Change https://go.dev/cl/535595 mentions this issue: |
MagicalTux
changed the title
|
kindly CC @neild |
|
@seankhliao could you please update the issue title to smth akin to |
dmitshur
changed the title
After CL 534215 was merged to fix a CVE it introduced an underflow when we try to decrement sc.curHandlers in handlerDone. The func startPush calls runHandler without incrementing curHandlers. Seems to only affect users of http.Pusher. For golang/go#63511 Change-Id: Ic537c27c9945c2c2d4306ddb04e9527b65cee320 GitHub-Last-Rev: 249fe55 GitHub-Pull-Request: #197 Reviewed-on: https://go-review.googlesource.com/c/net/+/535595 Reviewed-by: Damien Neil <dneil@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Mauri de Souza Meneguzzo <mauri870@gmail.com>
This comment was marked as duplicate.
This comment was marked as duplicate.
|
Also needs a 1.20 backport. |
|
Change https://go.dev/cl/537715 mentions this issue: |
Verify that repeated requests resulting in a PUSH_PROMISE result all complete successfully, validating the fix in CL 535595. For golang/go#63511 Change-Id: I6bebdcfcecb6c53f076e4ac6873d61a150d1040e Reviewed-on: https://go-review.googlesource.com/c/net/+/537715 Auto-Submit: Damien Neil <dneil@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: Mauri de Souza Meneguzzo <mauri870@gmail.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
|
Change https://go.dev/cl/538095 mentions this issue: |
|
Change https://go.dev/cl/537996 mentions this issue: |
|
Change https://go.dev/cl/537956 mentions this issue: |
|
Change https://go.dev/cl/537957 mentions this issue: |
…push After CL 534215 was merged to fix a CVE it introduced an underflow when we try to decrement sc.curHandlers in handlerDone. The func startPush calls runHandler without incrementing curHandlers. Seems to only affect users of http.Pusher. For golang/go#63511 For golang/go#63740 Change-Id: Ic537c27c9945c2c2d4306ddb04e9527b65cee320 GitHub-Last-Rev: 249fe55 GitHub-Pull-Request: #197 Reviewed-on: https://go-review.googlesource.com/c/net/+/535595 Reviewed-by: Damien Neil <dneil@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Mauri de Souza Meneguzzo <mauri870@gmail.com> (cherry picked from commit 37479d6) Reviewed-on: https://go-review.googlesource.com/c/net/+/537956 Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org> Auto-Submit: Dmitri Shuralyov <dmitshur@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
…push After CL 534215 was merged to fix a CVE it introduced an underflow when we try to decrement sc.curHandlers in handlerDone. The func startPush calls runHandler without incrementing curHandlers. Seems to only affect users of http.Pusher. For golang/go#63511 For golang/go#63560 Change-Id: Ic537c27c9945c2c2d4306ddb04e9527b65cee320 GitHub-Last-Rev: 249fe55 GitHub-Pull-Request: #197 Reviewed-on: https://go-review.googlesource.com/c/net/+/535595 Reviewed-by: Damien Neil <dneil@google.com> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Mauri de Souza Meneguzzo <mauri870@gmail.com> (cherry picked from commit 37479d6) Reviewed-on: https://go-review.googlesource.com/c/net/+/537957 Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
…/http2 After CL 534295 was merged to fix a CVE it introduced an underflow when we try to decrement sc.curHandlers in handlerDone. Pull in a fix from x/net/http2: http2: fix underflow in http2 server push https://go-review.googlesource.com/c/net/+/535595 For #63511 Fixes #63740 Change-Id: I5c678ce7dcc53635f3ad5e4999857cb120dfc1ab GitHub-Last-Rev: 587ffa3 GitHub-Pull-Request: #63561 Reviewed-on: https://go-review.googlesource.com/c/go/+/535575 Run-TryBot: Mauri de Souza Meneguzzo <mauri870@gmail.com> Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: David Chase <drchase@google.com> Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> (cherry picked from commit 0046c14) Reviewed-on: https://go-review.googlesource.com/c/go/+/538095 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Cherry Mui <cherryyz@google.com>
…/http2 After CL 534295 was merged to fix a CVE it introduced an underflow when we try to decrement sc.curHandlers in handlerDone. Pull in a fix from x/net/http2: http2: fix underflow in http2 server push https://go-review.googlesource.com/c/net/+/535595 For #63511 Fixes #63560 Change-Id: I5c678ce7dcc53635f3ad5e4999857cb120dfc1ab GitHub-Last-Rev: 587ffa3 GitHub-Pull-Request: #63561 Reviewed-on: https://go-review.googlesource.com/c/go/+/535575 Run-TryBot: Mauri de Souza Meneguzzo <mauri870@gmail.com> Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org> Reviewed-by: Dmitri Shuralyov <dmitshur@google.com> Reviewed-by: David Chase <drchase@google.com> Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> (cherry picked from commit 0046c14) Reviewed-on: https://go-review.googlesource.com/c/go/+/537996 Reviewed-by: Cherry Mui <cherryyz@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
What version of Go are you using (
go version)?Does this issue reproduce with the latest release?
Yes
What operating system and processor architecture are you using (
go env)?go envOutputWhat did you do?
Running a http server using
http.Pusherto push a specific resource to the brower.We updated in emergency to
go1.21.3following the http2 fast reset issue, this caused all the sites we use to fail to load on firefox and safari until we commented the use ofhttp.Pusher.I think this looks suspiciously a lot similar to #17777
What did you expect to see?
Page should work fine.
What did you see instead?
Only the initial page loads, and somehow firefox refuses to load the rest, either remaining blank or erroring with
NS_BINDING_ABORTED. Firefox didn't provide any useful information to debug this issue, but not usinghttp.Pusherfixed it.The text was updated successfully, but these errors were encountered: