New issue
Advanced search Search tips

Issue 810763 link

Starred by 1 user
Status: Fixed
Owner:
b...@chromium.org
Closed: Feb 2018
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 2
Type: Bug



Sign in to add a comment

NOTREACHED() triggers in SpdyStream on invalid network data.

Project Member Reported by b...@chromium.org, Feb 9 2018 
If a stream is open with a HEADERS frame with no END_STREAM flag (for example, a POST request), and the server sends a response HEADERS frame with an END_STREAM flag (so that the stream gets into half closed (remote) state), then DATA frame, then the NOTREACHED() fails in spdy_stream.cc on line 524 [1].  Instead, the stream should be closed with STREAM_CLOSED:

"If an endpoint receives additional frames, other than WINDOW_UPDATE, PRIORITY, or RST_STREAM, for a stream that is in this state, it MUST respond with a stream error (Section 5.4.2) of type STREAM_CLOSED." RFC 7540 Section 7.1 [2]

[1] https://cs.chromium.org/chromium/src/net/spdy/chromium/spdy_stream.cc?q=NOTREACHED&l=524
[2] http://httpwg.org/specs/rfc7540.html#StreamStates
Project Member

Comment 1 by bugdroid1@chromium.org, Feb 9 2018 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/cf3fd8a41eb5f316daed0739a088398a2461b1f8

commit cf3fd8a41eb5f316daed0739a088398a2461b1f8
Author: Bence Béky <bnc@chromium.org>
Date: Fri Feb 09 20:15:47 2018

Signal error on DATA on half closed HTTP/2 stream.

Reset the stream with STREAM_CLOSED if a DATA frame is received
on an HTTP/2 stream in half closed (remote) state.

I locally verified that the NOTREACHED() at spdy_stream.cc:524 is
triggered by the regression test without the change in spdy_stream.cc.

Bug:  810763 
Change-Id: I8f9b0228c80af3e720efd5fdc590cf59be246f22
Reviewed-on: https://chromium-review.googlesource.com/911688
Reviewed-by: Ryan Hamilton <rch@chromium.org>
Commit-Queue: Bence Béky <bnc@chromium.org>
Cr-Commit-Position: refs/heads/master@{#535804}
[modify] https://crrev.com/cf3fd8a41eb5f316daed0739a088398a2461b1f8/net/spdy/chromium/spdy_stream.cc
[modify] https://crrev.com/cf3fd8a41eb5f316daed0739a088398a2461b1f8/net/spdy/chromium/spdy_stream_unittest.cc

Comment 2 by b...@chromium.org, Feb 12 2018

Status: Fixed (was: Started)

Sign in to add a comment