Merged
Conversation
…2945) Will allow us to cleanly add a clang-cl build in CI Signed-off-by: Sunjay Bhatia <[email protected]>
Signed-off-by: Kevin Baichoo <[email protected]>
This PR incorporates the tests that i created for the envoy examples (originally here: https://github.com/phlax/envoy-examples) It also adds a test to ensure that example configs have been added to the examples `BUILD` config (ref: #12256 (comment)) Signed-off-by: Ryan Northey <[email protected]>
Risk Level: Low Testing: Manual testing & bazel test //test/extensions/filters/http/ext_authz/... Signed-off-by: Martin Matusiak <[email protected]>
Added PGV constraint to not allow \0\n\r in serverName.Currently, header doesn't allow \0\r\n. Risk Level: Low Testing: config_test Fixes #12709 Signed-off-by: Manish Kumar <[email protected]>
When using ASLR, we need to calculate the offset before looking up symbols in order to get a correct stack trace. Signed-off-by: Raul Gutierrez Segales <[email protected]>
Covers membership criteria, role of xDS API shepherds and what the relationship with UDPA-WG is. Signed-off-by: Harvey Tuch <[email protected]>
In order to support TLS in a health check connection, a TransportSocket proto must be matched to build the proper TLS connection factory. These are matched by the repeated field transport_socket_matches in the cluster proto, which HDS is currently leaving blank when building this proto. As a result, there is not way to specify a TLS transport socket or any transport socket listed in the docs. This change adds the transport_socket_matches field to the HDS health check specifier, and adds it to the Cluster config generated by HDS, to support transport socket matches per-health check. Risk Level: Low Testing: HDS Unit tests and integration tests pass. Added unit test to test that the transport socket matcher receives the correct fields. Added two integration tests with a TLS configuration, one over HTTP and one over HTTP/2. Docs Changes: Added comments about the new transport_socket_maches field in the HDS specifier proto. Release Notes: Included Signed-off-by: Drew S. Ortega <[email protected]>
Documented a common integration tests problem when the response content-length header does not match the actual body length. Signed-off-by: Yosry Ahmed [email protected] Risk Level: N/A Testing: N/A Docs Changes: N/A Release Notes: N/A Signed-off-by: Yosry Ahmed <[email protected]>
) This fixes typos in Lua filter documentation and adds an example script. Applying recommendations from: #13010 (comment) Risk Level: Low, docs only. Testing: N/A Docs Changes: Fix typos in Lua filter documentation; added an example script showing how to access request/response information using specific headers. Release Notes: N/A Signed-off-by: Pauline <[email protected]>
Update mirror used to fetch kafka dependency to a valid, working mirror. Resolves #13011 Risk Level: low Testing: covered by CI Signed-off-by: John Murray <[email protected]>
Add a field to the current protobuf of ScopedRouteConfiguration to enable on demand scoped route table loading. The on demand scope route tables will be loaded lazily. The lazy loading feature of route table associated with scope is achieved by extending the current vhds on_demand filter to support lazy loading of RouteConfigurationscoped route discovery service.If a scoped route configuration is set to be loaded lazily, upon a http request using SRDS, when the corresponding route table of a scope is not found, post a callback to control plane, request the route table from the management server, after the route table has been initialized, continue the filter chain. https://docs.google.com/document/d/15GX30U5CH2bsWUyQRkiiQ_nbMCoklvgP_ObrDaSlkuc/edit?usp=sharing Risk Level: Low Testing: add unit tests and integration test to verifiy behavior changes Fixes #10641 Signed-off-by: chaoqinli <[email protected]>
This will apply to all changes to external dependencies in future PRs. Part of #10471 Signed-off-by: Harvey Tuch <[email protected]>
Fixes #12962. Signed-off-by: Harvey Tuch <[email protected]>
Please see #12158 for more details about the issue. Risk level: Low Signed-off-by: Dmitri Dolguikh <[email protected]>
… a per thread limit. (#12897) Simplified Profile Action to have a per-process limit rather than a per thread limit which simplifies disk-filling concerns. We want to prevent the profiler from filling the disk, and using a per thread limit creates more complexity and profiles (i.e. for the "global" limit would be #threads * limit per thread vs limit per process. The former is harder to reason about. Signed-off-by: Kevin Baichoo <[email protected]>
Flipping envoy.reloadable_features.new_tcp_connection_pool to true by default Risk Level: High (but has been successfully smoke tested in prod this time) Testing: extensive Docs Changes: n/a Release Notes: were there from last time Signed-off-by: Alyssa Wilk <[email protected]>
Signed-off-by: DongRyeol Cha <[email protected]>
Risk Level: low (renames) Testing: tests renamed too Docs Changes: n/a Release Notes: n/a Signed-off-by: Alyssa Wilk <[email protected]>
Follow up to #12830 with another sparse log variant. The periodic version relies on a real world time source, which can be discussed separately here. Risk Level: Low Testing: Unit tests Signed-off-by: Otto van der Schaaf [email protected]
As per http://lua-users.org/wiki/MetatableEvents the __pairs metamethod is not available until lua 5.2, luajit/moonjit build lua 5.1. This define was set on Linux/Mac but not Windows. Signed-off-by: Sunjay Bhatia <[email protected]> Co-authored-by: William A Rowe Jr <[email protected]>
Signed-off-by: Erica Manno <[email protected]>
Signed-off-by: Ryan Northey <[email protected]>
Signed-off-by: Michael Rebello <[email protected]>
Signed-off-by: Michael Rebello <[email protected]>
The existing access for X509 extension values is unused in Envoy, but will be used in the near future for detection of certificates with the OCSP must-staple extension (see #12685). The existing implementation, however, assumes that all extension values can be safely decoded with ASN1_get_object, which is incorrect. Here we replace getX509ExtensionValue with a corrected implementation that produces different output (that is, the entire value octet string versus a partially decoded value). We remove (unused) access to extensions from Envoy::Ssl::Connection and rename the utility method to insure that downstream projects do not unintentionally consume the altered return value. Risk Level: low, not used in Envoy Testing: moved existing unit tests Docs Changes: n/a Release Notes: n/a Signed-off-by: Stephan Zuercher <[email protected]>
Description: Taking advantage of the new feature introduced in [#12035](#12035), which introduced quick visibility for init managers to check unready targets, this pull request adds protobuf message for unready targets and enables admin to dump configs of unready targets. An example of config dump for listeners’ unready targets is given in this pull request. Introduce ```InitDumpHandler``` with ```handlerInitDump``` method to help dump information of unready targets. Add ```dumpUnreadyTargets``` function for ```init::manager```. Risk Level: Low Docs Changes: protodoc Release Notes: Added Signed-off-by: pingsun <[email protected]>
Cleaning up an issue where if the TCP proxy session got a Connected event it was problematic. Risk Level: Low (minor refactor) Testing: new unit test Docs Changes: n/a Release Notes: n/a Signed-off-by: Alyssa Wilk <[email protected]>
Enable dynamic link test for coverage, to save storage / cache. Risk Level: Low (test only) Testing: CI Docs Changes: N/A Release Notes: N/A Also fixes #13020 Signed-off-by: Lizan Zhou <[email protected]>
This imports searchtools.js from https://raw.githubusercontent.com/sphinx-doc/sphinx/3.x/sphinx/themes/basic/static/searchtools.js. #13005 (comment) Signed-off-by: Dhi Aurrahman <[email protected]>
This patch introduces the xDS transport++ context parameter encoding algorithm. Risk level: Low Testing: Unit tests added. Part of #11264 Signed-off-by: Harvey Tuch <[email protected]>
Fix thrift request overflow crash. When requests overflow, the onPoolFailure will set host to null, and causes a crash. Risk Level: low Testing: added unit test Docs Changes: n/a Release Notes: added Signed-off-by: Guang Yang <[email protected]>
…3 imports (#12982) I've included CPE metadata as comments in bazel/repositories_extra.bzl. I thought this would be better for programmatic inclusion in docs/generate_external_dep_rst.py Risk Level: Low Testing: bazel --nohome_rc test //test/extensions/filters/network/kafka/... bazel --nohome_rc test //test/extensions/filters/network/thrift_proxy/... Signed-off-by: Michael Payne <[email protected]>
Signed-off-by: Asra Ali <[email protected]>
The time at which responses are received is recorded, and stored with cached responses as response_time. When a response is served from cache, response_time and other headers are used to correctly calculate the age of the cached response. Risk Level: Low Testing: Unit tests. Docs Changes: N/A Release Notes: N/A Fixes #9859 Fixes #12140 Signed-off-by: Yosry Ahmed <[email protected]>
Additional Description: This PR necessitated decoupling SslHandshakerImpl from ContextConfig a bit. We now pass an int representing the index of the extended_info struct rather than the ContextConfig. This PR moves SslHandshakerImpl to its own build target, moves SslHandshaker construction into the ContextConfig, and adds a HandshakerFactoryContext and HandshakerFactory for modifying the ContextConfig's behavior when constructing a Handshaker. This PR also adds a control (requireCertificates) to turn off the release asserts that a context must have certificates. This PR builds off work in #12571 and refines work done (and abandoned) in #12075. For more discussion please see the comments section of #12075. Risk Level: Low. This PR does not modify existing handshaking behavior, it just adds an extension point for modifying it. Testing: A representative alternative implementation was added under :handshaker_test. Docs Changes: N/a Release Notes: N/a Signed-off-by: James Buckland <[email protected]>
wangfakang
pushed a commit
that referenced
this pull request
May 30, 2022
…yproxy#20170) * test: adding a multi-envoy test (envoyproxy#20016) Functionally this handles the multi-envoy signal handler crash skips instantiating a runtime singleton (off by default, must stay off until remove global runtime: rebase runtime features on ABSL_flags envoyproxy#19847 is closed) Multi-envoy does not correctly support runtime flags or deprecation stats due to envoyproxy#19847 being incomplete. It can still handle proxy traffic client - L1 - L2 - upstream as shown in test. Risk Level: low Testing: yes Docs Changes: n/a Release Notes: n/a Part of envoyproxy/envoy-mobile#2003 Signed-off-by: Alyssa Wilk <[email protected]> Signed-off-by: Rex Chang <[email protected]> * Add a congestionWindowInBytes method to Envoy::Network::Connection (envoyproxy#20105) Signed-off-by: Bin Wu <[email protected]> Signed-off-by: Rex Chang <[email protected]> * Update QUICHE from 50f15e7a5 to cf1588207 (envoyproxy#20154) https://github.com/google/quiche/compare/50f15e7a5..cf1588207 $ git log 50f15e7a5..cf1588207 --date=short --no-merges --format="%ad %al %s" 2022-02-28 wub Deprecate --gfe2_reloadable_flag_quic_crypto_noop_if_disconnected_after_process_chlo. 2022-02-27 vasilvv Remove QuicheMemSlice(QuicUniqueBufferPtr, size_t) constructor. 2022-02-26 fayang Use std::string instead of absl::string_view in CryptoBufferMap. 2022-02-25 bnc Ignore incoming HTTP/3 MAX_PUSH_ID frames. 2022-02-25 bnc Remove Http3DebugVisitor::OnMaxPushIdFrameSent(). 2022-02-25 bnc Remove QuicSpdySession::CanCreatePushStreamWithId(). 2022-02-25 fayang Deprecate gfe2_reloadable_flag_quic_single_ack_in_packet2. Signed-off-by: Alyssa Wilk <[email protected]> Signed-off-by: Rex Chang <[email protected]> * build(deps): bump actions/stale from 4.1.0 to 5 (envoyproxy#20159) Bumps [actions/stale](https://github.com/actions/stale) from 4.1.0 to 5. - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](actions/stale@v4.1.0...v5) --- updated-dependencies: - dependency-name: actions/stale dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Rex Chang <[email protected]> * admin: improve test coverage and increase the coverage-percent threshold (envoyproxy#20025) Adds a missing test for recent lookups now that there are no more fake symbol tables. Adds tests for a variety of override methods defined in admin.h that were previously hard to hit. Adds a benchmark test to establish a baseline for the speedups in envoyproxy#19693 Signed-off-by: Joshua Marantz <[email protected]> Signed-off-by: Rex Chang <[email protected]> * test: removing a bunch of direct runtime singleton access (envoyproxy#19993) Signed-off-by: Alyssa Wilk <[email protected]> Signed-off-by: Rex Chang <[email protected]> * build(deps): bump grpcio-tools in /examples/grpc-bridge/client (envoyproxy#20040) Bumps [grpcio-tools](https://github.com/grpc/grpc) from 1.43.0 to 1.44.0. - [Release notes](https://github.com/grpc/grpc/releases) - [Changelog](https://github.com/grpc/grpc/blob/master/doc/grpc_release_schedule.md) - [Commits](grpc/grpc@v1.43.0...v1.44.0) --- updated-dependencies: - dependency-name: grpcio-tools dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Rex Chang <[email protected]> * adds to spellcheck Signed-off-by: Rex Chang <[email protected]> * xray tracer: set subsegment type for child spans (#2) * xray tracer: set subsegment type for child spans Signed-off-by: Rex Chang <[email protected]> * adds test coverage Signed-off-by: Rex Chang <[email protected]> * Xray subsegment (#3) * xray tracer: set subsegment type for child spans Signed-off-by: Rex Chang <[email protected]> * adds test coverage Signed-off-by: Rex Chang <[email protected]> * updates xray subsegment name to use operation name (instead of parent's span name) Signed-off-by: Rex Chang <[email protected]> * updates doc Signed-off-by: Rex Chang <[email protected]> * updates doc Signed-off-by: Rex Chang <[email protected]> * Xray subsegment (#4) * xray tracer: set subsegment type for child spans Signed-off-by: Rex Chang <[email protected]> * adds test coverage Signed-off-by: Rex Chang <[email protected]> * updates xray subsegment name to use operation name (instead of parent's span name) Signed-off-by: Rex Chang <[email protected]> * updates doc Signed-off-by: Rex Chang <[email protected]> * updates doc Signed-off-by: Rex Chang <[email protected]> * adds to spell check dictionary Signed-off-by: Rex Chang <[email protected]> * fixes spellcheck Signed-off-by: Rex Chang <[email protected]> * adds to spellcheck Signed-off-by: Rex Chang <[email protected]> xray tracer: set subsegment type for child spans (#2) * xray tracer: set subsegment type for child spans Signed-off-by: Rex Chang <[email protected]> * adds test coverage Signed-off-by: Rex Chang <[email protected]> Xray subsegment (#3) * xray tracer: set subsegment type for child spans Signed-off-by: Rex Chang <[email protected]> * adds test coverage Signed-off-by: Rex Chang <[email protected]> * updates xray subsegment name to use operation name (instead of parent's span name) Signed-off-by: Rex Chang <[email protected]> * updates doc Signed-off-by: Rex Chang <[email protected]> * updates doc Signed-off-by: Rex Chang <[email protected]> Xray subsegment (#4) * xray tracer: set subsegment type for child spans Signed-off-by: Rex Chang <[email protected]> * adds test coverage Signed-off-by: Rex Chang <[email protected]> * updates xray subsegment name to use operation name (instead of parent's span name) Signed-off-by: Rex Chang <[email protected]> * updates doc Signed-off-by: Rex Chang <[email protected]> * updates doc Signed-off-by: Rex Chang <[email protected]> * adds to spell check dictionary Signed-off-by: Rex Chang <[email protected]> fixes spellcheck Signed-off-by: Rex Chang <[email protected]> * fixes spell check Signed-off-by: Rex Chang <[email protected]> Co-authored-by: alyssawilk <[email protected]> Co-authored-by: Bin Wu <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Joshua Marantz <[email protected]>
wangfakang
pushed a commit
that referenced
this pull request
Sep 15, 2022
…roxy#22689) Commit Message: stream_idle_timer_ is armed to timeout the sending of the bufferred response payload in the quic stream send buffer after the end stream is buffered in the stream. But today this timer is armed even if the the encoding of the payload causes the stream to be closed, in which case the timer can never be cancelled till the stream destruction with ASSERT hit as below: [2022-08-12 22:23:38.843][12][critical][backtrace] [./source/server/backtrace.h:104] Caught Aborted, suspect faulting address 0x50e8d0000000c [2022-08-12 22:23:38.844][12][critical][backtrace] [./source/server/backtrace.h:91] Backtrace (use tools/stack_decode.py to get line numbers): [2022-08-12 22:23:38.844][12][critical][backtrace] [./source/server/backtrace.h:92] Envoy version: 0/1.24.0-dev/test/DEBUG/BoringSSL [2022-08-12 22:23:38.858][12][critical][backtrace] [./source/server/backtrace.h:96] #0: Envoy::SignalAction::sigHandler() [0x3480b28] [2022-08-12 22:23:38.858][12][critical][backtrace] [./source/server/backtrace.h:96] #1: __restore_rt [0x7f94b072c200] [2022-08-12 22:23:38.872][12][critical][backtrace] [./source/server/backtrace.h:96] #2: Envoy::Quic::EnvoyQuicStream::~EnvoyQuicStream() [0x2a2fe98] [2022-08-12 22:23:38.885][12][critical][backtrace] [./source/server/backtrace.h:96] #3: Envoy::Quic::EnvoyQuicServerStream::~EnvoyQuicServerStream() [0x2a78058] [2022-08-12 22:23:38.899][12][critical][backtrace] [./source/server/backtrace.h:96] #4: Envoy::Quic::EnvoyQuicServerStream::~EnvoyQuicServerStream() [0x2a77d30] [2022-08-12 22:23:38.912][12][critical][backtrace] [./source/server/backtrace.h:96] #5: Envoy::Quic::EnvoyQuicServerStream::~EnvoyQuicServerStream() [0x2a77d69] This change check stream close in this case, so that the idle timer will not be armed for closed streams. Risk Level: low Testing: new unit test Docs Changes: N/A Release Notes: N/A Platform Specific Features: N/A Signed-off-by: Dan Zhang <[email protected]>
wangfakang
pushed a commit
that referenced
this pull request
Sep 15, 2022
…voyproxy#22856) `//test/integration:tcp_proxy_odcds_integration_test` was observed to fail as follows: ``` ==================== Test output for //test/integration:tcp_proxy_odcds_integration_test: [==========] Running 24 tests from 1 test suite. [----------] Global test environment set-up. [----------] 24 tests from IpVersionsClientType/TcpProxyOdcdsIntegrationTest [ RUN ] IpVersionsClientType/TcpProxyOdcdsIntegrationTest.SingleTcpClient/0 [2022-08-25 20:22:46.750][3969][critical][assert] [test/integration/fake_upstream.cc:832] assert failure: !dispatcher_->isThreadSafe(). [2022-08-25 20:22:46.752][3969][critical][backtrace] [./source/server/backtrace.h:104] Caught Aborted, suspect faulting address 0x6b00000f81 [2022-08-25 20:22:46.752][3969][critical][backtrace] [./source/server/backtrace.h:91] Backtrace (use tools/stack_decode.py to get line numbers): [2022-08-25 20:22:46.752][3969][critical][backtrace] [./source/server/backtrace.h:92] Envoy version: 0/1.24.0-dev/test/DEBUG/BoringSSL [2022-08-25 20:22:46.773][3969][critical][backtrace] [./source/server/backtrace.h:96] #0: Envoy::SignalAction::sigHandler() [0x4c46a78]->[0x2cf2a78] external/com_google_googletest/googlemock/include/gmock/gmock-spec-builders.h:1267 [2022-08-25 20:22:46.773][3969][critical][backtrace] [./source/server/backtrace.h:96] #1: __restore_rt [0x7ffbdaa79420]->[0x7ffbd8b25420] ??:0 [2022-08-25 20:22:46.802][3969][critical][backtrace] [./source/server/backtrace.h:96] #2: Envoy::FakeUpstream::assertPendingConnectionsEmpty() [0x245bf0b]->[0x507f0b] ??:0 [2022-08-25 20:22:46.846][3969][critical][backtrace] [./source/server/backtrace.h:96] #3: Envoy::(anonymous namespace)::TcpProxyOdcdsIntegrationTest_SingleTcpClient_Test::TestBody() [0x1f596cb]->[0x56cb] ??:0 [2022-08-25 20:22:46.877][3969][critical][backtrace] [./source/server/backtrace.h:96] #4: testing::internal::HandleSehExceptionsInMethodIfSupported<>() [0x588b61b]->[0x393761b] ??:0 [2022-08-25 20:22:46.924][3969][critical][backtrace] [./source/server/backtrace.h:96] #5: testing::internal::HandleExceptionsInMethodIfSupported<>() [0x587c2bd]->[0x39282bd] ??:0 [2022-08-25 20:22:46.966][3969][critical][backtrace] [./source/server/backtrace.h:96] #6: testing::Test::Run() [0x5864ba3]->[0x3910ba3] /usr/lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/stl_vector.h:0 [2022-08-25 20:22:47.003][3969][critical][backtrace] [./source/server/backtrace.h:96] #7: testing::TestInfo::Run() [0x586576a]->[0x391176a] external/com_google_absl/absl/container/internal/raw_hash_set.h:1259 [2022-08-25 20:22:47.037][3969][critical][backtrace] [./source/server/backtrace.h:96] #8: testing::TestSuite::Run() [0x5865fbb]->[0x3911fbb] /usr/lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/stl_algo.h:1925 [2022-08-25 20:22:47.089][3969][critical][backtrace] [./source/server/backtrace.h:96] #9: testing::internal::UnitTestImpl::RunAllTests() [0x5874a28]->[0x3920a28] envoy/registry/registry.h:509 [2022-08-25 20:22:47.114][3969][critical][backtrace] [./source/server/backtrace.h:96] #10: testing::internal::HandleSehExceptionsInMethodIfSupported<>() [0x588ddbb]->[0x3939dbb] envoy/registry/registry.h:0 [2022-08-25 20:22:47.160][3969][critical][backtrace] [./source/server/backtrace.h:96] #11: testing::internal::HandleExceptionsInMethodIfSupported<>() [0x587e683]->[0x392a683] /usr/lib/gcc/x86_64-linux-gnu/9/../../../../include/c++/9/bits/unique_ptr.h:154 [2022-08-25 20:22:47.191][3969][critical][backtrace] [./source/server/backtrace.h:96] #12: testing::UnitTest::Run() [0x5874568]->[0x3920568] envoy/registry/registry.h:508 [2022-08-25 20:22:47.237][3969][critical][backtrace] [./source/server/backtrace.h:96] #13: RUN_ALL_TESTS() [0x4878d51]->[0x2924d51] external/com_google_googletest/googlemock/include/gmock/gmock-spec-builders.h:1203 [2022-08-25 20:22:47.284][3969][critical][backtrace] [./source/server/backtrace.h:96] #14: Envoy::TestRunner::RunTests() [0x48783b1]->[0x29243b1] external/com_google_googletest/googlemock/include/gmock/gmock-actions.h:485 [2022-08-25 20:22:47.316][3969][critical][backtrace] [./source/server/backtrace.h:96] #15: main [0x4874c3a]->[0x2920c3a] external/com_google_googletest/googlemock/include/gmock/gmock-spec-builders.h:1181 [2022-08-25 20:22:47.316][3969][critical][backtrace] [./source/server/backtrace.h:96] #16: __libc_start_main [0x7ffbda897083]->[0x7ffbd8943083] ??:0 ================================================================================ ``` This is due to the race described by envoyproxy#22855. Making sure the dispatcher thread is running before starting the test avoids this problem. Signed-off-by: Benjamin Peterson <[email protected]>
hatappi
pushed a commit
to hatappi/envoy-go-extension
that referenced
this pull request
Nov 15, 2022
This test sends a large number of metadata frames in order to trigger a disconnect. However, it was possible for the disconnect to happen and the connection to be torn down before all the metadata frames had been sent. If that happened, ASAN detected a UAF:
```
==95==ERROR: AddressSanitizer: heap-use-after-free on address 0x60700037e5a0 at pc 0x000004811f9e bp 0x7ffc903af990 sp 0x7ffc903af988
READ of size 8 at 0x60700037e5a0 thread T0
#0 0x4811f9d in Envoy::IntegrationCodecClient::sendMetadata(Envoy::Http::RequestEncoder&, Envoy::Http::MetadataMap) /proc/self/cwd/test/integration/http_integration.cc:168:3
#1 0x46ed711 in Envoy::Http2FloodMitigationTest_RequestMetadata_Test::TestBody() /proc/self/cwd/test/integration/http2_flood_integration_test.cc:1486:20
wangfakang#2 0xd380e64 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2580:10
wangfakang#3 0xd348dc2 in testing::Test::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2655:5
wangfakang#4 0xd34a927 in testing::TestInfo::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2832:11
wangfakang#5 0xd34ccc4 in testing::TestSuite::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2986:28
wangfakang#6 0xd36f07a in testing::internal::UnitTestImpl::RunAllTests() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:5697:44
wangfakang#7 0xd384e63 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /proc/self/cwd/external/com_google_googletest/googletest/src/
gtest.cc:2580:10
wangfakang#8 0xd36dd86 in testing::UnitTest::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:5280:10
wangfakang#9 0xa0e53a4 in Envoy::TestRunner::RunTests(int, char**) /proc/self/cwd/external/com_google_googletest/googletest/include/gtest/gtest.h:2485:46
wangfakang#10 0xa0e0af7 in main /proc/self/cwd/test/main.cc:34:10
wangfakang#11 0x7f442ef69082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
wangfakang#12 0x45ed36d in _start (/mnt/ssd/cas/work/1/exec/bazel-out/k8-dbg/bin/test/integration/http2_flood_integration_test.runfiles/envoy/test/integration/http2_flood_integration_test+0x45ed36d)
0x60700037e5a0 is located 48 bytes inside of 80-byte region [0x60700037e570,0x60700037e5c0)
freed by thread T0 here:
#0 0x466f7d2 in free /local/mnt/workspace/bcain_clang_hu-bcain-lv_22036/final/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:52:3
#1 0x831dde8 in Envoy::Http::CodecClient::ActiveRequest::~ActiveRequest() /proc/self/cwd/./source/common/http/codec_client.h:220:10
wangfakang#2 0x5aa33f9 in std::__1::unique_ptr<Envoy::Event::DeferredDeletable, std::__1::default_delete<Envoy::Event::DeferredDeletable> >::reset(Envoy::Event::DeferredDeletable*) /opt/llvm/bin/../include/c++/v1/__memory/unique_ptr.h:54:5
wangfakang#3 0xa3218e8 in Envoy::Event::DispatcherImpl::clearDeferredDeleteList() /proc/self/cwd/source/common/event/dispatcher_impl.cc:142:21
wangfakang#4 0xa3348df in void std::__1::__invoke_void_return_wrapper<void, true>::__call<Envoy::Event::DispatcherImpl::DispatcherImpl(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, Envoy::Thread::ThreadFactory&, Envoy::TimeSource&
, Envoy::Random::RandomGenerator&, Envoy::Filesystem::Instance&, Envoy::Event::TimeSystem&, std::__1::function<std::__1::unique_ptr<Envoy::Event::ScaledRangeTimerManager, std::__1::default_delete<Envoy::Event::ScaledRangeTimerManager> > (Envoy::Event::Dispatcher&)> const&
, std::__1::shared_ptr<Envoy::Buffer::WatermarkFactory> const&)::$_2&>(Envoy::Event::DispatcherImpl::DispatcherImpl(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, Envoy::Thread::ThreadFactory&, Envoy::TimeSource&, Envoy::Rand
om::RandomGenerator&, Envoy::Filesystem::Instance&, Envoy::Event::TimeSystem&, std::__1::function<std::__1::unique_ptr<Envoy::Event::ScaledRangeTimerManager, std::__1::default_delete<Envoy::Event::ScaledRangeTimerManager> > (Envoy::Event::Dispatcher&)> const&, std::__1::s
hared_ptr<Envoy::Buffer::WatermarkFactory> const&)::$_2&) /proc/self/cwd/source/common/event/dispatcher_impl.cc:79:30
wangfakang#5 0xa334603 in std::__1::__function::__func<Envoy::Event::DispatcherImpl::DispatcherImpl(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, Envoy::Thread::ThreadFactory&, Envoy::TimeSource&, Envoy::Random::RandomGenerator&,
Envoy::Filesystem::Instance&, Envoy::Event::TimeSystem&, std::__1::function<std::__1::unique_ptr<Envoy::Event::ScaledRangeTimerManager, std::__1::default_delete<Envoy::Event::ScaledRangeTimerManager> > (Envoy::Event::Dispatcher&)> const&, std::__1::shared_ptr<Envoy::Buffe
r::WatermarkFactory> const&)::$_2, std::__1::allocator<Envoy::Event::DispatcherImpl::DispatcherImpl(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&, Envoy::Thread::ThreadFactory&, Envoy::TimeSource&, Envoy::Random::RandomGenera
tor&, Envoy::Filesystem::Instance&, Envoy::Event::TimeSystem&, std::__1::function<std::__1::unique_ptr<Envoy::Event::ScaledRangeTimerManager, std::__1::default_delete<Envoy::Event::ScaledRangeTimerManager> > (Envoy::Event::Dispatcher&)> const&, std::__1::shared_ptr<Envoy:
:Buffer::WatermarkFactory> const&)::$_2>, void ()>::operator()() /opt/llvm/bin/../include/c++/v1/__functional/function.h:180:16
wangfakang#6 0x4897039 in std::__1::__function::__value_func<void ()>::operator()() const /opt/llvm/bin/../include/c++/v1/__functional/function.h:507:16
wangfakang#7 0xa8e6aa4 in Envoy::Event::SchedulableCallbackImpl::SchedulableCallbackImpl(Envoy::CSmartPtr<event_base, &(event_base_free)>&, std::__1::function<void ()>)::$_0::__invoke(int, short, void*) /opt/llvm/bin/../include/c++/v1/__functional/function.h:1184:12
wangfakang#8 0xb557c5e in event_process_active_single_queue /mnt/ssd/cas/work/2/exec/external/com_github_libevent_libevent/event.c:1713:4
wangfakang#9 0xb539252 in event_process_active /mnt/ssd/cas/work/2/exec/external/com_github_libevent_libevent/event.c
wangfakang#10 0xb539252 in event_base_loop /mnt/ssd/cas/work/2/exec/external/com_github_libevent_libevent/event.c:2047:12
wangfakang#11 0xa8e1e3c in Envoy::Event::LibeventScheduler::run(Envoy::Event::Dispatcher::RunType) /proc/self/cwd/source/common/event/libevent_scheduler.cc:60:3
wangfakang#12 0xa32bd94 in Envoy::Event::DispatcherImpl::run(Envoy::Event::Dispatcher::RunType) /proc/self/cwd/source/common/event/dispatcher_impl.cc:299:19
wangfakang#13 0x480faad in Envoy::IntegrationCodecClient::flushWrite() /proc/self/cwd/test/integration/http_integration.cc:100:29
wangfakang#14 0x4811e94 in Envoy::IntegrationCodecClient::sendMetadata(Envoy::Http::RequestEncoder&, Envoy::Http::MetadataMap) /proc/self/cwd/test/integration/http_integration.cc:169:3
wangfakang#15 0x46ed711 in Envoy::Http2FloodMitigationTest_RequestMetadata_Test::TestBody() /proc/self/cwd/test/integration/http2_flood_integration_test.cc:1486:20
wangfakang#16 0xd380e64 in void testing::internal::HandleExceptionsInMethodIfSupported<testing::Test, void>(testing::Test*, void (testing::Test::*)(), char const*) /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2580:10
wangfakang#17 0xd348dc2 in testing::Test::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2655:5
wangfakang#18 0xd34a927 in testing::TestInfo::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2832:11
wangfakang#19 0xd34ccc4 in testing::TestSuite::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2986:28
wangfakang#20 0xd36f07a in testing::internal::UnitTestImpl::RunAllTests() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:5697:44
wangfakang#21 0xd384e63 in bool testing::internal::HandleExceptionsInMethodIfSupported<testing::internal::UnitTestImpl, bool>(testing::internal::UnitTestImpl*, bool (testing::internal::UnitTestImpl::*)(), char const*) /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:2580:10
wangfakang#22 0xd36dd86 in testing::UnitTest::Run() /proc/self/cwd/external/com_google_googletest/googletest/src/gtest.cc:5280:10
wangfakang#23 0xa0e53a4 in Envoy::TestRunner::RunTests(int, char**) /proc/self/cwd/external/com_google_googletest/googletest/include/gtest/gtest.h:2485:46
wangfakang#24 0xa0e0af7 in main /proc/self/cwd/test/main.cc:34:10
wangfakang#25 0x7f442ef69082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) (BuildId: 1878e6b475720c7c51969e69ab2d276fae6d1dee)
```
To fix that, write all metadata frames at once.
Signed-off-by: Benjamin Peterson <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
For an explanation of how to fill out the fields, please see the relevant section
in PULL_REQUESTS.md
Commit Message:
Additional Description:
Risk Level:
Testing:
Docs Changes:
Release Notes:
[Optional Runtime guard:]
[Optional Fixes #Issue]
[Optional Deprecated:]