Skip to content

[UNDERTOW-2403] Fix race condition in read from buffer at ServletInpu…#1602

Open
fl4via wants to merge 1 commit intoundertow-io:mainfrom
fl4via:UNDERTOW-2403
Open

[UNDERTOW-2403] Fix race condition in read from buffer at ServletInpu…#1602
fl4via wants to merge 1 commit intoundertow-io:mainfrom
fl4via:UNDERTOW-2403

Conversation

@fl4via
Copy link
Member

@fl4via fl4via commented Jun 13, 2024

…tStreamImpl: prevent a NPE from being thrown to invoker in case input stream is closed by another thread (which can happen typically in timeouts)

Jira: https://issues.redhat.com/browse/UNDERTOW-2403

@fl4via fl4via added the bug fix Contains bug fix(es) label Jun 13, 2024
@fl4via fl4via requested review from baranowb and ropalka June 13, 2024 17:51
baranowb
baranowb reviewed Jun 19, 2024
View reviewed changes
servlet/src/main/java/io/undertow/servlet/spec/ServletInputStreamImpl.java

private void closePoolIfNotNull() {
try {
if (pooled != null) {
Copy link
Contributor

@baranowb baranowb Jun 19, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ONly thing Id consider is to have local var? unless thats calculated choice to sometimes pay price of exception, rather than constant cost of local var and assignment.

Copy link
Contributor

@baranowb baranowb Jun 19, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@fl4via ^^

Copy link
Member Author

@fl4via fl4via Jun 20, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We will pay the price of the NPE anyway, but, yes, I think adding the local var is a good idea because it will make the exception less likely.

if (pooled != null) {
   final PooledByteBuffer pooled = this.pooled; // we can still read a null value here, hence, NPE when closing
   this.pooled = null;
   pooled.close();  // marginal risk of NPE here
}

Copy link
Member Author

@fl4via fl4via Jun 20, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As a secod thought, will it make it less likely, if the time spent seting it to a variable might be the same time it takes to invoke close directly? Or is it not? I'll try to see if I can find some information on this. But the code I suggested above might have the same statistical risk of getting the NPE as the one we have without the local variable.

@baranowb baranowb added waiting PR update Awaiting PR update(s) from contributor before merging failed CI Introduced new regession(s) during CI check labels Jun 24, 2024
@baranowb
Copy link
Contributor

baranowb commented Jun 24, 2024

Im going to trigger CI once more. Most likely this either needs to disable on mac or expect failure. Most likely we should have some sort of OS specific annotations or utility to make this kind of exclusion easier.

@baranowb baranowb mentioned this pull request Oct 30, 2024
Merged
@zacYL zacYL mentioned this pull request Sep 26, 2025
Open
@AkashB23
Copy link

AkashB23 commented Dec 9, 2025
edited
Loading

@fl4via @baranowb refering to the ticket and discusion on the thread, seems like this could happen in all recent versions of undertow, but we started seeing the similar exception

UT005090: Unexpected failure java.lang.NullPointerException: Cannot invoke "io.undertow.connector.PooledByteBuffer.getBuffer()" because "this.pooled" is null
 at io.undertow.servlet.spec.ServletInputStreamImpl.readIntoBuffer(ServletInputStreamImpl.java:202)
 at io.undertow.servlet.spec.ServletInputStreamImpl.close(ServletInputStreamImpl.java:266)
 at io.undertow.servlet.spec.HttpServletRequestImpl.closeAndDrainRequest(HttpServletRequestImpl.java:728)
 at io.undertow.servlet.core.ServletBlockingHttpExchange.close(ServletBlockingHttpExchange.java:89)
 at io.undertow.server.HttpServerExchange.endExchange(HttpServerExchange.java:1748)
 at io.undertow.server.Connectors.executeRootHandler(Connectors.java:420)
 at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:900)

only after updating from undertow 2.3.18.Final to 2.3.20.Final as part of spring boot 3.5, was there a change in either of 2.3.19 , 2.3.20 which is causing the NPE ? and how does this impact the request processing ?

@fl4via
Copy link
Member Author

fl4via commented Mar 4, 2026

@AkashB23 not that I recall.
More likely, what you are noticing is caused by this PR's bug, that was already in the code before, but that has become more likely to occur as a collateral effect of other fixes (a simple change in the time the threads take to run is enough to cause this). Anyway, let's try to get this fixed asap.
If you have a reproducer, please let me know as it could be useful!

@fl4via fl4via added waiting CI check Ready to be merged but waiting for CI check and removed waiting PR update Awaiting PR update(s) from contributor before merging failed CI Introduced new regession(s) during CI check labels Mar 4, 2026
@fl4via
Copy link
Member Author

fl4via commented Mar 4, 2026

This relates to UNDERTOW-2298 #1509

@fl4via fl4via mentioned this pull request Mar 4, 2026
Open
@fl4via
[UNDERTOW-2403] Fix race condition in read from buffer at ServletInpu…
33d3abf 
…tStreamImpl: prevent a NPE from being thrown to invoker in case input stream is closed by another thread (which can happen typically in timeouts)

Signed-off-by: Flavia Rainone <frainone@redhat.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@baranowb baranowb baranowb left review comments

@ropalka ropalka Awaiting requested review from ropalka

Assignees

No one assigned

Labels

bug fix Contains bug fix(es) waiting CI check Ready to be merged but waiting for CI check

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@fl4via @baranowb @AkashB23