CRITICAL LibUV Bug Kills whole server before route execution #10241
Comments
|
I was having the issue occur before on production and dev, but the repo I linked only has it occuring on dev, which of course would be much less of a worry, and is possibly a vite problem if it's dev only. Edit: I can get this error in production to occur via my fuzz testing, I'm just having issue isolating the test to get it to occur cleanly in the sample repo |
|
Affected LibUV Source seems to be a UTF-8 to UTF-16 conversion issue |
|
With openapi-fuzzer installed you can kill a production remix.js server which has no routes defined. I still haven't pin-pointed the exact offending request yet, but the setup in the source will hit it eventually.
Since it is a libuv utf8 -> utf16 issue, I doubt it something directly in the remix.js code, however it does affect all remix.js express servers so I will keep this issue open until I can find the closest NodeJS dependency to this issue. |
|
Found an exact packet that will consistently kill a production remix.js express.js server Note if you stringify the buffer then send the string instead of the raw buffer the server will not die. Edit: It seems to be a combination of the URL path + API-KEY header in that packet that creates the issue, because if you reduce the path to something that makes sense the bug goes away, but if you restore it and also remove that header it also resolves the issue, so it's clearly a conjunction of the two creating this issue |
|
Removing these lines stops the issue from occuring: app.use(
viteDevServer
? viteDevServer.middlewares
: express.static("build/client")
);However leaving |
|
I tracked down the offending cause, and confirmed by removing this call it does fix one fuzz test case, however I believe this issue should remain open until a patch is available because it doesn't explain how the other http headers were affecting this, and there is likely another issue also occuring, but is hard to find while there isn't a patch for this case. remix.js -> express.js -> serve-static -> send.SendStream.sendFile:L629-L634 fs.stat(p, function (err, stat) {
if (err) return next(err)
if (stat.isDirectory()) return next()
self.emit('file', p, stat)
self.send(p, stat)
}) |
|
NVM, actually the |
There are potentially two issues, one which can only take down a development server, and once which can take down a production remix.js * express.js server (haven't tested on other adapters).
Both issues trigger the same libuv assertion which is not handled anywhere causing the entire node instance to exit.
The lowest JS function which ends up calling the libuv function has not yet be found and may not be part of remix.js, but it does affect remix.js servers so I'll keep this issue open until the true fault is found.
Note, this crash is causing the server to close so fast that the console.log buffers are not flushed which makes finding the culpret function quite annoying.
Reproduction
npm iMalformed URL
npm run devFails an assertion in what I assume is libuv, however it appears to fail so rapidly that morgan doesn't get to log the request.
Malformed Packet
npm run startor dev `npm run devnode kill.jsSystem Info
System: OS: Windows 11 10.0.22631 CPU: (22) x64 Intel(R) Core(TM) Ultra 7 155H Memory: 4.30 GB / 15.74 GB Binaries: Node: 22.2.0 - C:\Program Files\nodejs\node.EXE npm: 10.9.0 - C:\Program Files\nodejs\npm.CMD Browsers: Edge: Chromium (128.0.2739.42) Internet Explorer: 11.0.22621.3527The text was updated successfully, but these errors were encountered: