Enforce HttpClient limits on GetFromJsonAsync #79386
Conversation
|
Tagging subscribers to this area: @dotnet/ncl Issue DetailsEnforces
|
| { | ||
| using Stream contentStream = await HttpContentJsonExtensions.GetContentStreamAsync(content, linkedCTS?.Token ?? cancellationToken).ConfigureAwait(false); | ||
|
|
||
| var lengthLimitStream = new LengthLimitReadStream(contentStream, (int)client.MaxResponseContentBufferSize); |
There was a problem hiding this comment.
Can we avoid allocating this wrapper stream if MaxResponseContentBufferSize is the default int.MaxValue? Not just about this allocation, but about the increased cost on every individual read operation.
There was a problem hiding this comment.
Sure.
Looks like the DeleteAsync overload doesn't use ResponseHeadersRead, so we can avoid all of this overhead there as well.
While on the topic, wrapper streams like these are the primary reason why I opened #77935. The per-call allocation overhead disappears with zero-byte reads.
Another similar example is the WebSockets telemetry in YARP where we intercept a read stream like this, but it adds almost no overhead because YARP does zero-byte reads by default
There was a problem hiding this comment.
Looking at this again, I don't think we should avoid this wrapper - we'd still want to prevent the deserialize from reading more than 2 GB in that case.
There was a problem hiding this comment.
The per-call allocation overhead disappears with zero-byte reads.
How so?
There was a problem hiding this comment.
The read in the wrapper stream is implemented like so:
ValueTask<int> readTask = _innerStream.ReadAsync(buffer, cancellationToken);
if (buffer.IsEmpty)
{
return readTask;
}
if (readTask.IsCompletedSuccessfully)
{
int read = readTask.Result;
CheckLengthLimit(read);
return new ValueTask<int>(read);
}
return Core(readTask); // AllocateAssuming the caller is using zero-byte reads, you will alternate between
- The
buffer.IsEmptybranch for the zero-byte read where we'll just pass through the task as we're not interested in the result (it won't affect the read limit) - The
readTask.IsCompletedSuccessfullybranch after a zero-byte read as data is available immediately
You'll only hit the allocating path if the underlying stream doesn't support zero-byte reads, or if you hit an exception.
The WebSocket telemetry stream I mentioned is using exactly the same pattern. The result of the zero-byte read doesn't affect us as there isn't any data to parse.
src/libraries/System.Net.Http.Json/src/System/Net/Http/Json/HttpClientJsonExtensions.cs
Outdated
Show resolved
Hide resolved
src/libraries/System.Net.Http.Json/src/System/Net/Http/Json/LengthLimitReadStream.cs
Outdated
Show resolved
Hide resolved
src/libraries/System.Net.Http.Json/src/System/Net/Http/Json/LengthLimitReadStream.cs
Outdated
Show resolved
Hide resolved
src/libraries/System.Net.Http.Json/src/System/Net/Http/Json/LengthLimitReadStream.cs
Outdated
Show resolved
Hide resolved
MihaZupan
force-pushed
the
http-getjson-limits
branch
from
66f61b3 to
f103729
Compare
ghost
locked as resolved and limited conversation to collaborators
Enforces
HttpClient.TimeoutandHttpClient.MaxResponseContentBufferSizeon the whole response (including the content transfer) to matchHttpClient.Get{String/ByteArray}Async.