Always clear the local buffer in ArrayBuffer

[davidfowl]

• SslStream was holding onto a 4K byte[] after the handshake was complete. This was because the ArrayBuffer struct doesn't clear the local buffer field in dispose. This changes that.

Before:

After:

Blocked on #49945

[ghost]

I couldn't figure out the best area label to add to this PR. If you have write-permissions please help me learn by adding exactly one area label.

[ghost]

Tagging subscribers to this area: @dotnet/ncl, @vcsjones
See info in area-owners.md if you want to be subscribed.

Issue Details

---

• SslStream was holding onto a 4K byte[] after the handshake was complete. This was because the ArrayBuffer struct doesn't clear the local buffer field in dispose. This changes that.

Before:

After:

Author:	davidfowl
Assignees:	-
Labels:	area-System.Net.Security
Milestone:	-

[wfurt]

LGTM

[davidfowl]

Are these tests generally broken?

[stephentoub]

The mono ones are #49569.

The coreclr osx ones I haven't seen. Can you open an issue for that?

CI has been very unhappy the last few days. I suspect as a result things were merged that shouldn't have been, compounding the problem.

[davidfowl]

Looks like a timezone thing.

[davidfowl]

this fix actually broke a test:

Unhandled exception. System.NullReferenceException: Object reference not set to an instance of an object.
   at System.Net.ArrayBuffer.get_AvailableLength() in /_/src/libraries/Common/src/System/Net/ArrayBuffer.cs:line 58
   at System.Net.ArrayBuffer.EnsureAvailableSpace(Int32 byteCount) in /_/src/libraries/Common/src/System/Net/ArrayBuffer.cs:line 86
   at System.Net.SafeDeleteSslContext.WriteToConnection(Void* connection, Byte* data, Void** dataLength) in /_/src/libraries/System.Net.Security/src/System/Net/Security/Pal.OSX/SafeDeleteSslContext.cs:line 164
./RunTests.sh: line 162: 23722 Abort trap: 6           (core dumped) "$RUNTIME_PATH/dotnet" exec --runtimeconfig System.Net.Security.Tests.runtimeconfig.json --depsfile System.Net.Security.Tests.deps.json xunit.console.dll System.Net.Security.Tests.dll -xml testResults.xml -nologo -nocolor -notrait category=IgnoreForCI -notrait category=OuterLoop -notrait category=failing $RSP_FILE
/p

[davidfowl]

this fix actually broke a test: Uncovered a user after free bug on OSX.

Looks like something is calling WriteToConnection after Dispose @wfurt ?

[wfurt]

This is similar to #43686. We really should throw ObjectDisposed exception in this case. HttpClient with H2 is particularly prune to write after Dispose. I'll check if I can reproduce it locally with your change @davidfowl. I could not reproduce #43686 so it got eventually closed without resolution.

I still feel the change make sense. We will just need to improve error checking inside SslStream. (or hold off like we do for the _nestedRead)

[davidfowl]

Yes, the change does make sense. I was looking into the SSL APIs on OSX but I think that should be fixed separately. I'm gonna merge this, can you open an issue the write after dispose?

[stephentoub]

I'm gonna merge this

If merging this is going to tank CI further, please don't.

[davidfowl]

OK I pushed a new change that tries to keep the old behavior (writing into the ArrayBuffer after dispose), which should allow some slack for fixing the real use after free issue. We can revert that part of the change when we figure out why its happening on OSX.

[stephentoub]

This change isn't critical to get in asap. Let's just prioritize finding and fixing the problem and hold on this until we do.

[davidfowl]

I'm all for fixing the bug I don't want to hold this change hostage though. While it's not critical to get in ASAP, my only fear is that the bug will get punted and also the fix. At a bare minimum, if the fix for the real issue isn't trivial or the fix is hard verify (because reproducing is hard), we should take this improvement but I'll let @wfurt decide on what's best.

Good news is that there's a dump captured as part of the crash...

[stephentoub]

I don't want to hold this change hostage though

This change is causing a crash. While it should be valid, because of another issue it's not. We should fix the other issue before trying to push this in. And I do not want to complicate the code trying to mask the other issue. As I said, let's prioritize finding and fixing the other one, then this change will be valid and the original simple change can be merged.

[davidfowl]

We generally agree, I just want to make sure we have some trip wires and backup plans in place (the other similar issue did get closed). But I'll be optimistic 😄

[wfurt]

I think the real issue lives macOS PAL. I can reproduce it locally and I'll take look next week.
I'm not sure we should pollute ArrayBuffer to compensate that. I liked the first simple change better.
cc: @geoffkizer as original author of ArrayBuffer

[davidfowl]

Let me know if you want me to revert to the original change or if you want to take over this change in general and pair it with the OSX fix

[jkotas]

The workaround in the ArrayBuffer does not look 100% reliable due to race conditions. It will just make the crash to show up less often. Does it sound right? If it is the case, we should definitely wait for the proper fix.

[davidfowl]

I'm not defending the workaround for the crash, it's as unreliable as it was before. The ArrayBuffer isn't thread safe without or without this change.

[geoffkizer]

As others have said, let's not merge a temporary work-around here. Let's fix the issue in thee OSX PAL or wherever and then merge the proper fix.

my only fear is that the bug will get punted and also the fix.

You've identified a nontrivial perf issue here, and the fix is straightforward. The odds of this getting punted are very low.

[davidfowl]

Sounds fine to me

[geoffkizer]

/azp run runtime-libraries-coreclr outerloop

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[davidfowl]

/azp run

[azure-pipelines]

You have several pipelines (over 10) configured to build pull requests in this repository. Specify which pipelines you would like to run by using /azp run [pipelines] command. You can specify multiple pipelines using a comma separated list.

[davidfowl]

/azp run runtime

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[davidfowl]

/azp run all

[azure-pipelines]

No pipelines are associated with this pull request.

[davidfowl]

/azp list

[azure-pipelines]

CI/CD Pipelines for this repository:

• coreclr-gc-longrunning
• coreclr-gc-simulator
• runtime-coreclr outerloop
• runtime-coreclr jitstress
• runtime-coreclr jitstressregs
• runtime-coreclr jitstress2-jitstressregs
• runtime-coreclr r2r-extra
• runtime-coreclr jitstress-isas-x86
• runtime-coreclr jitstress-isas-arm
• runtime-coreclr jitstressregs-x86
• runtime-coreclr libraries-jitstressregs
• runtime-coreclr libraries-jitstress2-jitstressregs
• runtime-coreclr r2r
• runtime-coreclr runincontext
• runtime-coreclr crossgen2
• runtime-libraries-coreclr outerloop
• runtime-libraries-coreclr outerloop-windows
• runtime-libraries-coreclr outerloop-linux
• runtime-libraries-coreclr outerloop-osx
• runtime
• runtime-libraries enterprise-linux
• runtime-libraries stress-http
• runtime-libraries stress-ssl
• runtime-dev-innerloop
• runtime-coreclr crossgen2 outerloop
• coreclr-release-outerloop-nightly
• sync-runtime-to-mono
• runtime-coreclr crossgen2-composite
• runtime-jit-experimental
• runtime-coreclr libraries-jitstress
• runtime-coreclr libraries-gcstress0x3-gcstress0xc
• runtime-coreclr libraries-gcstress-extra
• dotnet-linker-tests
• runtime-coreclr ilasm
• runtime-coreclr clrinterpreter
• runtime-coreclr crossgen2-composite gcstress
• runtime-libraries-mono outerloop
• runtime-staging
• runtime-richnav

[davidfowl]

/azp run runtime-dev-innerloop

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[davidfowl]

/azp run runtime-staging

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[davidfowl]

How do I re-run these mono tests 😄

[davidfowl]

/azp run runtime-libraries-mono outerloop

[azure-pipelines]

Azure Pipelines successfully started running 1 pipeline(s).

[davidfowl]

Force push never fails...