Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Avoid time operations that can panic #599

Merged
merged 1 commit into from
Feb 1, 2022
Merged

Avoid time operations that can panic #599

merged 1 commit into from
Feb 1, 2022

Conversation

olix0r
Copy link
Collaborator

@olix0r olix0r commented Jan 31, 2022

We have reports of runtime panics (linkerd/linkerd2#7748) that sound a
lot like rust-lang/rust#86470. We don't have any evidence that these
panics originate in h2, but there is one use of Instant::sub that
could panic in this way.

Even though this is almost definitely a bug in Rust, it seems most
prudent to actively avoid the uses of Instant that are prone to this
bug. These fixes should ultimately be made in the standard library, but
this change lets us avoid this problem while we wait for those fixes.

This change replaces uses of Instant::elapsed and Instant::sub with
calls to Instant::saturating_duration_since to prevent this class of
panic.

See also hyperium/hyper#2746

@olix0r
Avoid time operations that can panic
a2f783c 
We have reports of runtime panics (linkerd/linkerd2#7748) that sound a
lot like rust-lang/rust#86470. We don't have any evidence that these
panics originate in h2, but there is one use of `Instant::sub` that
could panic in this way.

Even though this is almost definitely a bug in Rust, it seems most
prudent to actively avoid the uses of `Instant` that are prone to this
bug. These fixes should ultimately be made in the standard library, but
this change lets us avoid this problem while we wait for those fixes.

This change replaces uses of `Instant::elapsed` and `Instant::sub` with
calls to `Instant::saturating_duration_since` to prevent this class of
panic.

See also hyperium/hyper#2746
@seanmonstar seanmonstar merged commit 4dc2b4a into master Feb 1, 2022
@seanmonstar seanmonstar deleted the ver/saturating_duration_since branch February 1, 2022 00:22
@olix0r olix0r mentioned this pull request Feb 1, 2022
Closed
hawkw added a commit that referenced this pull request Mar 9, 2022
@hawkw
v0.3.12
cc43c0b 
# 0.3.12 (March 9, 2022)

* Avoid time operations that can panic (#599)
* Bump MSRV to Rust 1.49 (#606)
* Fix header decoding error when a header name is contained at a continuation
  header boundary (#589)
* Remove I/O type names from handshake `tracing` spans (#608)
@hawkw hawkw mentioned this pull request Mar 9, 2022
Merged
seanmonstar pushed a commit that referenced this pull request Mar 9, 2022
@hawkw @seanmonstar
v0.3.12
3383ef7 
# 0.3.12 (March 9, 2022)

* Avoid time operations that can panic (#599)
* Bump MSRV to Rust 1.49 (#606)
* Fix header decoding error when a header name is contained at a continuation
  header boundary (#589)
* Remove I/O type names from handshake `tracing` spans (#608)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@seanmonstar seanmonstar seanmonstar approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@olix0r @seanmonstar