Fix NPE when upgrade message fails to aggregate#14816
Merged
Conversation
Motivation: When an HTTP message fails to aggregate, for example due to an invalid 'Expect' header, MessageAggregator does not produce a FullHttpRequest. HttpServerUpgradeHandler would then continue with the next request, wrongly believing it to be an upgrade request, even though only the previous one was. This produces an NPE: ``` Caused by: java.lang.NullPointerException: Cannot invoke "java.lang.CharSequence.length()" because "header" is null at io.netty.handler.codec.http.HttpServerUpgradeHandler.splitHeader(HttpServerUpgradeHandler.java:429) at io.netty.handler.codec.http.HttpServerUpgradeHandler.upgrade(HttpServerUpgradeHandler.java:328) at io.netty.handler.codec.http.HttpServerUpgradeHandler.decode(HttpServerUpgradeHandler.java:290) at io.netty.handler.codec.http.HttpServerUpgradeHandler.decode(HttpServerUpgradeHandler.java:40) at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:91) ... 35 common frames omitted ``` Modification: When the upgrade handler sees a LastHttpContent, cancel the current upgrade and cancel aggregation. Result: No NPE for this input. Found by fuzzing.
chrisvest
reviewed
Feb 13, 2025
| } | ||
|
|
||
| private void releaseCurrentMessage() { | ||
| protected final void releaseCurrentMessage() { |
Member
There was a problem hiding this comment.
Maybe the compatibility checkers would like it more if this wasn't final.
Contributor
Author
|
Yes, but it seemed like a weird method to allow extension of. But maybe
worth it to avoid the binary incompatibility, even if minor.
Though I think it might still be source incompatible?
…On Thu, Feb 13, 2025, 23:22 Chris Vest ***@***.***> wrote:
***@***.**** commented on this pull request.
------------------------------
In codec/src/main/java/io/netty/handler/codec/MessageAggregator.java
<#14816 (comment)>:
> @@ -460,12 +460,12 @@ public void handlerRemoved(ChannelHandlerContext ctx) throws Exception {
}
}
- private void releaseCurrentMessage() {
+ protected final void releaseCurrentMessage() {
Maybe the compatibility checkers would like it more if this wasn't final.
—
Reply to this email directly, view it on GitHub
<#14816 (review)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AASIZIKBIEATM277PVRRHSD2PULL5AVCNFSM6AAAAABXCEHJGSVHI2DSMVQWIX3LMV43YUDVNRWFEZLROVSXG5CSMV3GSZLXHMZDMMJWGM2TCMBWGI>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
normanmaurer
approved these changes
Feb 15, 2025
chrisvest
pushed a commit
to chrisvest/netty
that referenced
this pull request
Feb 18, 2025
Motivation: When an HTTP message fails to aggregate, for example due to an invalid 'Expect' header, MessageAggregator does not produce a FullHttpRequest. HttpServerUpgradeHandler would then continue with the next request, wrongly believing it to be an upgrade request, even though only the previous one was. This produces an NPE: ``` Caused by: java.lang.NullPointerException: Cannot invoke "java.lang.CharSequence.length()" because "header" is null at io.netty.handler.codec.http.HttpServerUpgradeHandler.splitHeader(HttpServerUpgradeHandler.java:429) at io.netty.handler.codec.http.HttpServerUpgradeHandler.upgrade(HttpServerUpgradeHandler.java:328) at io.netty.handler.codec.http.HttpServerUpgradeHandler.decode(HttpServerUpgradeHandler.java:290) at io.netty.handler.codec.http.HttpServerUpgradeHandler.decode(HttpServerUpgradeHandler.java:40) at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:91) ... 35 common frames omitted ``` Modification: When the upgrade handler sees a LastHttpContent, cancel the current upgrade and cancel aggregation. Result: No NPE for this input. Found by fuzzing.
chrisvest
pushed a commit
to chrisvest/netty
that referenced
this pull request
Feb 18, 2025
Motivation: When an HTTP message fails to aggregate, for example due to an invalid 'Expect' header, MessageAggregator does not produce a FullHttpRequest. HttpServerUpgradeHandler would then continue with the next request, wrongly believing it to be an upgrade request, even though only the previous one was. This produces an NPE: ``` Caused by: java.lang.NullPointerException: Cannot invoke "java.lang.CharSequence.length()" because "header" is null at io.netty.handler.codec.http.HttpServerUpgradeHandler.splitHeader(HttpServerUpgradeHandler.java:429) at io.netty.handler.codec.http.HttpServerUpgradeHandler.upgrade(HttpServerUpgradeHandler.java:328) at io.netty.handler.codec.http.HttpServerUpgradeHandler.decode(HttpServerUpgradeHandler.java:290) at io.netty.handler.codec.http.HttpServerUpgradeHandler.decode(HttpServerUpgradeHandler.java:40) at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:91) ... 35 common frames omitted ``` Modification: When the upgrade handler sees a LastHttpContent, cancel the current upgrade and cancel aggregation. Result: No NPE for this input. Found by fuzzing.
normanmaurer
pushed a commit
that referenced
this pull request
Feb 18, 2025
Motivation: When an HTTP message fails to aggregate, for example due to an invalid 'Expect' header, MessageAggregator does not produce a FullHttpRequest. HttpServerUpgradeHandler would then continue with the next request, wrongly believing it to be an upgrade request, even though only the previous one was. This produces an NPE: ``` Caused by: java.lang.NullPointerException: Cannot invoke "java.lang.CharSequence.length()" because "header" is null at io.netty.handler.codec.http.HttpServerUpgradeHandler.splitHeader(HttpServerUpgradeHandler.java:429) at io.netty.handler.codec.http.HttpServerUpgradeHandler.upgrade(HttpServerUpgradeHandler.java:328) at io.netty.handler.codec.http.HttpServerUpgradeHandler.decode(HttpServerUpgradeHandler.java:290) at io.netty.handler.codec.http.HttpServerUpgradeHandler.decode(HttpServerUpgradeHandler.java:40) at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:91) ... 35 common frames omitted ``` Modification: When the upgrade handler sees a LastHttpContent, cancel the current upgrade and cancel aggregation. Result: No NPE for this input. Found by fuzzing. Co-authored-by: Jonas Konrad <jonas.konrad@oracle.com>
normanmaurer
pushed a commit
that referenced
this pull request
Feb 18, 2025
Motivation: When an HTTP message fails to aggregate, for example due to an invalid 'Expect' header, MessageAggregator does not produce a FullHttpRequest. HttpServerUpgradeHandler would then continue with the next request, wrongly believing it to be an upgrade request, even though only the previous one was. This produces an NPE: ``` Caused by: java.lang.NullPointerException: Cannot invoke "java.lang.CharSequence.length()" because "header" is null at io.netty.handler.codec.http.HttpServerUpgradeHandler.splitHeader(HttpServerUpgradeHandler.java:429) at io.netty.handler.codec.http.HttpServerUpgradeHandler.upgrade(HttpServerUpgradeHandler.java:328) at io.netty.handler.codec.http.HttpServerUpgradeHandler.decode(HttpServerUpgradeHandler.java:290) at io.netty.handler.codec.http.HttpServerUpgradeHandler.decode(HttpServerUpgradeHandler.java:40) at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:91) ... 35 common frames omitted ``` Modification: When the upgrade handler sees a LastHttpContent, cancel the current upgrade and cancel aggregation. Result: No NPE for this input. Found by fuzzing. --------- Co-authored-by: Jonas Konrad <jonas.konrad@oracle.com>
dongjoon-hyun
added a commit
to apache/spark
that referenced
this pull request
Mar 4, 2025
### What changes were proposed in this pull request? This PR aims to Upgrade Netty to 4.1.119.Final. ### Why are the changes needed? - https://github.com/netty/netty/milestone/309?closed=1 - netty/netty#14855 - netty/netty#14830 - netty/netty#14816 - netty/netty#14810 ### Does this PR introduce _any_ user-facing change? No behavior change. ### How was this patch tested? Pass the CIs. ### Was this patch authored or co-authored using generative AI tooling? No. Closes #50150 from dongjoon-hyun/SPARK-51387. Authored-by: Dongjoon Hyun <dongjoon@apache.org> Signed-off-by: Dongjoon Hyun <dongjoon@apache.org>
dongjoon-hyun
added a commit
to apache/spark
that referenced
this pull request
Mar 4, 2025
### What changes were proposed in this pull request? This PR aims to Upgrade Netty to 4.1.119.Final. ### Why are the changes needed? - https://github.com/netty/netty/milestone/309?closed=1 - netty/netty#14855 - netty/netty#14830 - netty/netty#14816 - netty/netty#14810 ### Does this PR introduce _any_ user-facing change? No behavior change. ### How was this patch tested? Pass the CIs. ### Was this patch authored or co-authored using generative AI tooling? No. Closes #50150 from dongjoon-hyun/SPARK-51387. Authored-by: Dongjoon Hyun <dongjoon@apache.org> Signed-off-by: Dongjoon Hyun <dongjoon@apache.org> (cherry picked from commit 3d949af) Signed-off-by: Dongjoon Hyun <dongjoon@apache.org>
dongjoon-hyun
added a commit
to dongjoon-hyun/spark
that referenced
this pull request
Mar 5, 2025
### What changes were proposed in this pull request? This PR aims to Upgrade Netty to 4.1.119.Final. ### Why are the changes needed? - https://github.com/netty/netty/milestone/309?closed=1 - netty/netty#14855 - netty/netty#14830 - netty/netty#14816 - netty/netty#14810 ### Does this PR introduce _any_ user-facing change? No behavior change. ### How was this patch tested? Pass the CIs. ### Was this patch authored or co-authored using generative AI tooling? No. Closes apache#50150 from dongjoon-hyun/SPARK-51387. Authored-by: Dongjoon Hyun <dongjoon@apache.org> Signed-off-by: Dongjoon Hyun <dongjoon@apache.org> (cherry picked from commit 3d949af) Signed-off-by: Dongjoon Hyun <dongjoon@apache.org>
zifeif2
pushed a commit
to zifeif2/spark
that referenced
this pull request
Nov 14, 2025
### What changes were proposed in this pull request? This PR aims to Upgrade Netty to 4.1.119.Final. ### Why are the changes needed? - https://github.com/netty/netty/milestone/309?closed=1 - netty/netty#14855 - netty/netty#14830 - netty/netty#14816 - netty/netty#14810 ### Does this PR introduce _any_ user-facing change? No behavior change. ### How was this patch tested? Pass the CIs. ### Was this patch authored or co-authored using generative AI tooling? No. Closes apache#50150 from dongjoon-hyun/SPARK-51387. Authored-by: Dongjoon Hyun <dongjoon@apache.org> Signed-off-by: Dongjoon Hyun <dongjoon@apache.org> (cherry picked from commit e84c345) Signed-off-by: Dongjoon Hyun <dongjoon@apache.org>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Motivation:
When an HTTP message fails to aggregate, for example due to an invalid 'Expect' header, MessageAggregator does not produce a FullHttpRequest. HttpServerUpgradeHandler would then continue with the next request, wrongly believing it to be an upgrade request, even though only the previous one was. This produces an NPE:
Modification:
When the upgrade handler sees a LastHttpContent, cancel the current upgrade and cancel aggregation.
Result:
No NPE for this input.
Found by fuzzing.