http: emit ERR_STREAM_DESTROYED if the socket is destroyed

[mcollina]

The pipeline utility assumes that a stream is going to error if it
could not be written to it. If an http.OutgoingMessage was piped after
the underlining socket had been destroyed, the whole pipeline would not
be teared down, resulting in a file descriptor and memory leak.

Checklist

• make -j4 test (UNIX), or vcbuild test (Windows) passes
• tests and/or benchmarks are included
• commit message follows commit guidelines

[mcollina]

cc @ronag @Trott

[BridgeAR]

If I am not mistaken, this results in the ERR_STREAM_DESTROYED as well?

Suggested change

	req.on('error', common.mustCall());
	req.on('error', common.expectsError({
	code: 'ERR_STREAM_DESTROYED'
	}));

[Trott]

ping @mcollina Does that suggestion above seem good to you? (Seems good to me....)

[mcollina]

That's going to be 'ECONNRESET' on my machine.

[BridgeAR]

Is there a specific reason to silence all errors besides the first one?

[ronag]

@BridgeAR: that's how streams do it, see destroy.js.

[mcollina]

The reason is that this will normally be called 4 times in case this condition is met, as a response is composed of 4 chunks.

[ronag]

Should probably also apply the kErrored logic got writeAfterEndNT, and maybe _implicitHeader and pipe. Maybe refactored out into a helper along the lines of errorOrDestroy?

[ronag]

What's the reason for the listener count check? We don't do this for streams?

[ronag]

nit, !this[kErrored]

[mcollina]

The reason is not to break a lot of tests, and keep this semver-minor.

[ronag]

Could you add a comment for that at least? Then maybe we can "fix" it in a semver-major in the future?

[ronag]

nit kErrorEmitted to more closely follow streams

[ronag]

Should we initialize kErrored in the constructor? Or will that unnecessarily increase object size?

[mcollina]

I'm not adding that to the constructor exactly because of that. I can add it if we think it's worth adding, it's not a big deal anyway.

[ronag]

Sounds good either way to me. Just checking if it was intentional.

[ronag]

I believe this should be emitted in next tick? That's what we want in stream?

[ronag]

Maybe same thing with callback?

[mcollina]

I'm actually removing calling the callback here. It's not needed to fix the actual issue, and it can be done in a later step.

[mcollina]

We cannot remove the callback or something else is going to fail. Essentially if we want to emit error here, we need to call the callback synchronously first :/.

[ronag]

Something else, as in a test? Add another comment for future semver-major?

[mcollina]

Should probably also apply the kErrored logic got writeAfterEndNT, and maybe _implicitHeader and pipe. Maybe refactored out into a helper along the lines of errorOrDestroy?

I'm not sure about that. The reason I added kErrored was because otherwise we would have 4 'error' events instead of 1 for normal operations.

[ronag]

I'm not sure about that.

Could you explain a little further? In Writable we only emit one error? The only reason (as far as I understand) that this is not a Writable is performance concerns. So in my opinion this should behave as similar as possible without affecting performance.

[mcollina]

The overall reason for not doing that in this PR is to keep it as strictly semver-minor as possible, so it can be backported.

[ronag]

The overall reason for not doing that in this PR is to keep it as strictly semver-minor as possible, so it can be backported.

Sounds reasonable. I'm willing to make a semver-major PR in the future to make it more stream-like.

[Trott]

Rebased and force-pushed to get rid of conflict.

[nodejs-github-bot]

CI: https://ci.nodejs.org/job/node-test-pull-request/25195/

[nodejs-github-bot]

CI: https://ci.nodejs.org/job/node-test-pull-request/25202/

[nodejs-github-bot]

CI: https://ci.nodejs.org/job/node-test-pull-request/25203/

[nodejs-github-bot]

CI: https://ci.nodejs.org/job/node-test-pull-request/25204/

[mcollina]

CI is not flaky, windows is failing :/

Mismatched <anonymous> function calls. Expected exactly 2, actual 1.
    at Object.mustCall (c:\workspace\node-test-binary-windows-2\test\common\index.js:337:10)
    at Server.<anonymous> (c:\workspace\node-test-binary-windows-2\test\parallel\test-http-destroyed-socket-write2.js:52:26)
    at Object.onceWrapper (events.js:297:20)
    at Server.emit (events.js:209:13)
    at emitListeningNT (net.js:1262:10)
    at processTicksAndRejections (internal/process/task_queues.js:77:11)

[jasnell]

Ping @mcollina and @ronag

[mcollina]

@ronag if you would like to take this over please do.

[github-actions]

This issue/PR was marked as stalled, it will be automatically closed in 30 days. If it should remain open, please leave a comment explaining why it should remain open.

[mcollina]

@ronag wdyt? Should we revive this or should I close it?

[ronag]

@ronag wdyt? Should we revive this or should I close it?

@mcollina I'm on vacation next month so I hope to cleanup some of these. Thanks for the ping!

[ronag]

@mcollina: I think this PR is no longer making correct assumptions. Streams do not emit ERR_STREAM_DESTROYED (at least not anymore) and will only provide it as an error to the callback.

If the underlying socket is prematurely destroyed (without error) that should already error the OutgoingMessage. Though, I'm not sure whether that is actually the case for ServerResponse?

What we should probably fix is:

• Make sure the callback is invoked with ERR_STREAM_DESTROYED.
• Have pipeline check during invocation whether any of the streams already is .destroyed and error the pipeline with ERR_STREAM_DESTROYED.

I would recommend we close this PR and make an issue for the callback and pipeline issue. Thoughts?

[mcollina]

I'll close this. Could you open the issue?