sts-sponsors team mailing list archive

Thread
Date

[Bug 1903733] [NEW] Out of memory issue for websocket client

To: sts-sponsors@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1903733@xxxxxxxxxxxxxxxxxx>
Date: Tue, 15 Dec 2020 15:07:25 -0000
Reply-to: Bug 1903733 <1903733@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

You have been subscribed to a public bug by Eric Desrochers (slashd):

[Impact]
Applications using package python-tornado v5.1.1 or earlier are susceptible to an out of memory error related to websockets.

[Other Info]

Upstream commit(s):
https://github.com/tornadoweb/tornado/pull/2351/commits/20becca336caae61cd24f7afba0e177c0a210c70

$ git remote -v
origin	https://github.com/tornadoweb/tornado.git (fetch)
origin	https://github.com/tornadoweb/tornado.git (push)

$ git describe --contains 20becca3
v5.1.0b1~28^2~1

$ rmadison python3-tornardo
 => python3-tornado | 4.2.1-1ubuntu3      | xenial
 python3-tornado | 4.5.3-1             | bionic/universe
 => python3-tornado | 4.5.3-1ubuntu0.1    | bionic-updates/universe
 python3-tornado | 6.0.3+really5.1.1-3 | focal/universe
 python3-tornado | 6.0.4-2             | groovy/universe
 python3-tornado | 6.0.4-3             | hirsute/universe
 python3-tornado | 6.1.0-1             | hirsute-proposed/universe

[Original Description]

Tornado has no 'flow control' for websockets. A websocket will receive data as fast as it can, and store the data in a deque. If that data is not consumed as fast as it is written, then that deque will grow in size indefinitely, ultimately leading to a memory error and killing the process.
Fix is to use a Queue. Read and get messages from the queue on the client side.

Patch file [0]
Commit history [1]
GitHub [2]
Issue [3]

[0] https://patch-diff.githubusercontent.com/raw/tornadoweb/tornado/pull/2351.patch
[1] https://github.com/tornadoweb/tornado/pull/2351/commits
[2] https://github.com/tornadoweb/tornado
[3] https://github.com/tornadoweb/tornado/issues/2341

[Test Case]
I was unable to provide adequate testing and/or a reproducer for this bug.
In the bionic patch, the unit tests were failing and I have added another patch to address this 

 d/p/0001-test-Skip-test_source_port_fail-when-running-as-root.patch

** Affects: python-tornado (Ubuntu)
     Importance: Undecided
         Status: Fix Released

** Affects: python-tornado (Ubuntu Xenial)
     Importance: Undecided
     Assignee: Heather Lemon (hypothetical-lemon)
         Status: In Progress

** Affects: python-tornado (Ubuntu Bionic)
     Importance: Undecided
     Assignee: Heather Lemon (hypothetical-lemon)
         Status: In Progress

** Affects: python-tornado (Ubuntu Focal)
     Importance: Undecided
         Status: Fix Released

** Affects: python-tornado (Ubuntu Groovy)
     Importance: Undecided
         Status: Fix Released

** Affects: python-tornado (Ubuntu Hirsute)
     Importance: Undecided
         Status: Fix Released


** Tags: seg sts
-- 
Out of memory issue for websocket client
https://bugs.launchpad.net/bugs/1903733
You received this bug notification because you are a member of STS Sponsors, which is subscribed to the bug report.