Skip to content

okhttp: HPACK should fail on varint overflow#12766

Merged
ejona86 merged 1 commit intogrpc:masterfrom
ejona86:okhttp-varint-max
Apr 21, 2026
Merged

okhttp: HPACK should fail on varint overflow#12766
ejona86 merged 1 commit intogrpc:masterfrom
ejona86:okhttp-varint-max

Conversation

@ejona86
Copy link
Copy Markdown
Member

@ejona86 ejona86 commented Apr 20, 2026

This does reduce the largest supported integer from just less than 2^32 to slightly more than 2^29, which does not seem a significant loss.

It would previously produce a corrupted integer, which makes debugging annoying. Note that continuations can contain just zeros and should still be detected as resulting in overflow, without waiting for any eventual 1.

We could leave the encoder supporting up to 2^32-1, but it just seems wrong to encode values that the same implementation couldn't decode.

Noticed by @August829

This does reduce the largest supported integer from just less than 2^32
to slightly more than 2^29, which does not seem a significant loss.

It would previously produce a corrupted integer, which makes debugging
annoying. Note that continuations can contain just zeros and should
still be detected as resulting in overflow, without waiting for any
eventual 1.

We could leave the encoder supporting up to 2^32-1, but it just seems
wrong to encode values that the same implementation couldn't decode.

Noticed by @August829
@ejona86 ejona86 requested a review from kannanjgithub April 20, 2026 22:01
@ejona86 ejona86 merged commit ec10992 into grpc:master Apr 21, 2026
17 checks passed
@ejona86 ejona86 deleted the okhttp-varint-max branch April 21, 2026 05:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants