Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SimpleMergedByteBuffers: ArrayOutOfBounds Fix #71

Merged
merged 1 commit into from
Oct 25, 2019
Merged

SimpleMergedByteBuffers: ArrayOutOfBounds Fix #71

merged 1 commit into from
Oct 25, 2019

Conversation

jentfoo
Copy link
Member

@jentfoo jentfoo commented Oct 25, 2019

This fixes SimpleMergedByteBuffers.getNextBuffer to avoid an ArrayOutOfBounds fix when the buffer has been fully consumed.
We must always check the currentBuffer index before we can attempt to access the array.
In addition the EMPTY_BUFFER_ARRAY can not contain the empty buffer because it makes logic which compares the array length invalid.

@jentfoo
SimpleMergedByteBuffers: ArrayOutOfBoundsFix
9f78665 
This fixes SimpleMergedByteBuffers.getNextBuffer to avoid an ArrayOutOfBounds fix when the buffer has been fully consumed.
We must always check the currentBuffer index before we can attempt to access the array.
In addition the EMPTY_BUFFER_ARRAY can not contain the empty buffer because it makes logic which compares the array length invalid.
@jentfoo jentfoo changed the title SimpleMergedByteBuffers: ArrayOutOfBoundsFix SimpleMergedByteBuffers: ArrayOutOfBounds Fix Oct 25, 2019
@lwahlmeier
Copy link
Member

lgtm

@jentfoo jentfoo merged commit 9f78665 into threadly:master Oct 25, 2019
@jentfoo jentfoo mentioned this pull request Dec 7, 2019
Closed
jentfoo added a commit to jentfoo/litesockets that referenced this pull request Feb 13, 2020
@jentfoo
SSL hang / timeout fix
6de436c 
This fixes ssl, which can be seen using litesockets-http-client when using https.  The behavior would be the start of the handshake which would eventually hang.
This regression was introduced in this PR: threadly#71
The specific flaw was introduced when the .duplicate() was removed here: https://github.com/threadly/litesockets/pull/71/files#diff-851d3597731b2cecc83331ede7aec7ebL143

It seems for SSL to work correctly we need to make sure that the MergedByteBuffer does not work against the original ByteBuffer that was originally passed in.
This fixes that behavior by making sure that when ByteBuffers are added (or provided at construction), we do this .duplicate() then.  This way when buffers are leaving the MergedByteBuffer we know it already has an independent experience from the one provided initially.  The goal being that by having this duplicate action happen at a consistent point will make this safer.
Overall I don't think we really add any .duplicate() actions, if anything at times we might have less.  With it happening at the start we can safely avoid duplicate calls at other points we had them previously.
jentfoo added a commit to jentfoo/litesockets that referenced this pull request Feb 13, 2020
@jentfoo
SSL hang / timeout fix
affc99f 
This fixes ssl, which can be seen using litesockets-http-client when using https.  The behavior would be the start of the handshake which would eventually hang.
This regression was introduced in this PR: threadly#71
The specific flaw was introduced when the .duplicate() was removed here: https://github.com/threadly/litesockets/pull/71/files#diff-851d3597731b2cecc83331ede7aec7ebL143

It seems for SSL to work correctly we need to make sure that the MergedByteBuffer does not work against the original ByteBuffer that was originally passed in.
This fixes that behavior by making sure that when ByteBuffers are added (or provided at construction), we do this .duplicate() then.  This way when buffers are leaving the MergedByteBuffer we know it already has an independent experience from the one provided initially.  The goal being that by having this duplicate action happen at a consistent point will make this safer.
Overall I don't think we really add any .duplicate() actions, if anything at times we might have less.  With it happening at the start we can safely avoid duplicate calls at other points we had them previously.
@jentfoo jentfoo mentioned this pull request Feb 13, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lwahlmeier lwahlmeier lwahlmeier approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jentfoo @lwahlmeier