65726 – NullPointerException while reading request input with H2C upgraded exchanges

Bug 65726 - NullPointerException while reading request input with H2C upgraded exchanges

Summary: NullPointerException while reading request input with H2C upgraded exchanges

Status:	RESOLVED FIXED

Alias:	None

Product:	Tomcat 9
Classification:	Unclassified
Component:	Connectors (show other bugs)
Version:	9.0.55
Hardware:	PC Mac OS X 10.1

Importance:	P2 normal (vote)
Target Milestone:	-----
Assignee:	Tomcat Developers Mailing List

URL:
Keywords:

Depends on:
Blocks:

Reported:	2021-12-06 14:18 UTC by bclozel
Modified:	2021-12-07 11:46 UTC (History)
CC List:	1 user (show)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description bclozel 2021-12-06 14:18:50 UTC

See https://github.com/spring-projects/spring-boot/issues/28912 for original issue.

It looks like trying to read the request body with an H2C-upgraded request fails with an NPE, while this doesn't fail with H2C prior-knowledge or HTTP 1.1.

Here is the stacktrace:

java.lang.NullPointerException: Cannot invoke "org.apache.coyote.InputBuffer.doRead(org.apache.tomcat.util.net.ApplicationBufferHandler)" because "this.inputBuffer" is null
	at org.apache.coyote.Request.doRead(Request.java:640)
	at org.apache.catalina.connector.InputBuffer.realReadBytes(InputBuffer.java:317)
	at org.apache.catalina.connector.InputBuffer.checkByteBufferEof(InputBuffer.java:600)
	at org.apache.catalina.connector.InputBuffer.read(InputBuffer.java:340)
	at org.apache.catalina.connector.CoyoteInputStream.read(CoyoteInputStream.java:132)
	at java.base/java.io.InputStream.readNBytes(InputStream.java:409)
	at java.base/java.io.InputStream.readAllBytes(InputStream.java:346)
	at h2c.H2cServlet.doGet(H2cServlet.java:18)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:655)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:764)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:357)
	at org.apache.coyote.http2.StreamProcessor.service(StreamProcessor.java:413)
	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
	at org.apache.coyote.http2.StreamProcessor.process(StreamProcessor.java:74)
	at org.apache.coyote.http2.StreamRunnable.run(StreamRunnable.java:35)
	at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
	at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.base/java.lang.Thread.run(Thread.java:833)


A sample application can be found here: https://github.com/bclozel/h2c-tomcat

Comment 1 Mark Thomas 2021-12-06 23:17:06 UTC

Thanks for the report.

There are a couple of TODOs for support for request bodies during HTTP/1.1 upgrade in the code. The NPE is caused by the current lack of support.

I have a patch for this. Just need to do a little more testing.

Comment 2 Mark Thomas 2021-12-07 11:46:36 UTC

Fixed in:
- 10.1.x for 10.1.0-M9 onwards
- 10.0.x for 10.0.15 onwards
- 9.0.x for 9.0.57 onwards
- 8.5.x for 8.5.74 onwards