Closed Bug 810152 Opened 13 years ago Closed 13 years ago

spdy 0 length no fin data frame handling

Categories

(Core :: Networking: HTTP, defect)

18 Branch
x86_64
Windows 7
defect
Not set
normal

Tracking

()

RESOLVED FIXED
mozilla19
Tracking Status
firefox18 --- fixed
firefox19 --- fixed

People

(Reporter: mcmanus, Assigned: mcmanus)

Details

(Whiteboard: [spdy])

Attachments

(1 file)

A legit data frame of length 0 and no fin bit causes the stream to loop without end and the page load to hang. This frame has no purpose (it carries no information) but is legal. A 0 length frame bearing a fin bit is handled fine. The problem is that the eventual call to nshttpconnection->OnWriteSegment() returns an error for size 0 and this causes the check that would determine the frame was done reading in spdysession::onwritesegment() to be bypassed - and no progress is made to just scan for the next frame header.
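A simplified model of the stall described in this report, added here as an illustration and not taken from Mozilla's code. `ConsumeFrames`, `LowerWrite` and `AppendDataFrame` are hypothetical names, only data frames are modeled, and the loop is step-bounded so the stall shows up as a frame count instead of a hang.

```cpp
// Added example: simplified model of the read loop, not Mozilla's code.
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <vector>

const uint8_t kFlagFin = 0x01;  // FLAG_FIN in a SPDY data frame

// Constructed stand-in for the lower-level writer: it errors on a zero-byte request.
static bool LowerWrite(uint32_t count, uint32_t* written) {
  if (count == 0) return false;
  *written = count;
  return true;
}

// Appends one data frame: 31-bit stream ID, 8-bit flags, 24-bit length, payload.
void AppendDataFrame(std::vector<uint8_t>& b, uint32_t id, uint8_t flags, uint32_t len) {
  const uint8_t hdr[8] = {uint8_t((id >> 24) & 0x7f), uint8_t(id >> 16), uint8_t(id >> 8),
                          uint8_t(id), flags, uint8_t(len >> 16), uint8_t(len >> 8), uint8_t(len)};
  b.insert(b.end(), hdr, hdr + 8);
  b.insert(b.end(), len, uint8_t('x'));  // constructed filler payload
}

// Returns how many frames were fully consumed within maxSteps loop iterations.
// guardZero = true models the zero-count early return from the patch.
size_t ConsumeFrames(const std::vector<uint8_t>& buf, bool guardZero, int maxSteps) {
  size_t pos = 0, done = 0;
  uint32_t remaining = 0;
  bool inFrame = false;
  for (int step = 0; step < maxSteps; ++step) {
    if (!inFrame) {
      if (buf.size() - pos < 8) break;                  // no complete header left
      remaining = (uint32_t(buf[pos + 5]) << 16) | (uint32_t(buf[pos + 6]) << 8) | buf[pos + 7];
      bool fin = buf[pos + 4] & kFlagFin;
      pos += 8;
      if (fin && remaining == 0) { ++done; continue; }  // empty FIN frame closes the stream
      inFrame = true;
    }
    uint32_t avail = uint32_t(std::min<size_t>(remaining, buf.size() - pos));
    if (remaining != 0 && avail == 0) break;            // truncated payload: wait for data
    uint32_t written = 0;
    bool ok = (guardZero && avail == 0) ? true : LowerWrite(avail, &written);
    if (!ok) continue;                                  // error path skips the frame-done check
    pos += written;
    remaining -= written;
    if (remaining == 0) { inFrame = false; ++done; }    // back to scanning for a header
  }
  return done;
}
```

With a zero-length, no-FIN frame at the front of the buffer, the unguarded loop consumes nothing no matter how large the step bound is; the guarded loop consumes every frame.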
Attached patch: patch 0
Attachment #679917 - Flags: review?(honzab.moz)
Comment on attachment 679917 [details] [diff] [review] patch 0 Review of attachment 679917 [details] [diff] [review]: ----------------------------------------------------------------- ::: netwerk/protocol/http/SpdySession2.cpp @@ +368,5 @@ > + if (!count) { > + *countWritten = 0; > + return NS_OK; > + } > + White space (see splinter).
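Review bot: the early return added at +368 in netwerk/protocol/http/SpdySession2.cpp (the "if (!count)" block) carries no comment, so a later reader cannot tell that returning NS_OK with *countWritten = 0 is deliberate rather than a leftover. A one-line comment stating that a zero-length data frame without the fin bit is legal, and that a zero count must not be passed on to a writer that errors on size 0, would keep the guard from being removed in a cleanup. The bug also leaves in-testsuite? open; a regression test that feeds a zero-length, no-fin data frame followed by a normal frame and checks that the second frame is delivered would pin this behaviour.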
Attachment #679917 - Flags: review?(honzab.moz) → review+
Status: NEW → RESOLVED
Closed: 13 years ago
Flags: in-testsuite?
Resolution: --- → FIXED
Target Milestone: --- → mozilla19
Comment on attachment 679917: patch 0
[Approval Request Comment]
Bug caused by (feature/regressing bug #): original spdy bug
User impact if declined: interop problems with new spdy implementations
Testing completed (on m-c, etc.): on m-c
Risk to taking this patch (and alternatives if risky): a new service deploying spdy would not be interoperable with firefox. The server can work around this. This behavior does not occur with any of the current high profile spdy deployments, but this was reported to me by another site doing a spdy implementation and they found this issue.
String or UUID changes made by this patch: none
We're at a stage with spdy that there are a lot more implementations coming on line and that is resulting in broader interop testing, so more corner cases like this one are coming to light.
Attachment #679917 - Flags: approval-mozilla-aurora?
Attachment #679917 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+