You have been subscribed to a public bug by Eric Desrochers (slashd):

[Impact]
Applications using package python-tornado v5.1.1 or earlier are susceptible to an out of memory error related to websockets.

[Other Info]
Upstream commit(s):
https://github.com/tornadoweb/tornado/pull/2351/commits/20becca336caae61cd24f7afba0e177c0a210c70

$ git remote -v
origin  https://github.com/tornadoweb/tornado.git (fetch)
origin  https://github.com/tornadoweb/tornado.git (push)

$ git describe --contains 20becca3
v5.1.0b1~28^2~1

$ rmadison python3-tornado
=> python3-tornado | 4.2.1-1ubuntu3      | xenial
   python3-tornado | 4.5.3-1             | bionic/universe
=> python3-tornado | 4.5.3-1ubuntu0.1    | bionic-updates/universe
   python3-tornado | 6.0.3+really5.1.1-3 | focal/universe
   python3-tornado | 6.0.4-2             | groovy/universe
   python3-tornado | 6.0.4-3             | hirsute/universe
   python3-tornado | 6.1.0-1             | hirsute-proposed/universe

[Original Description]
Tornado has no 'flow control' for websockets. A websocket will receive data as fast as it can, and store the data in a deque. If that data is not consumed as fast as it is written, then that deque will grow in size indefinitely, ultimately leading to a memory error and killing the process.

Fix is to use a Queue. Read and get messages from the queue on the client side.

Patch file [0]
Commit history [1]
GitHub [2]
Issue [3]

[0] https://patch-diff.githubusercontent.com/raw/tornadoweb/tornado/pull/2351.patch
[1] https://github.com/tornadoweb/tornado/pull/2351/commits
[2] https://github.com/tornadoweb/tornado
[3] https://github.com/tornadoweb/tornado/issues/2341

[Test Case]
I was unable to provide adequate testing and/or a reproducer for this bug.
In the bionic patch, the unit tests were failing and I have added another patch to address this
d/p/0001-test-Skip-test_source_port_fail-when-running-as-root.patch

** Affects: python-tornado (Ubuntu)
   Importance: Undecided
       Status: Fix Released

** Affects: python-tornado (Ubuntu Xenial)
   Importance: Undecided
     Assignee: Heather Lemon (hypothetical-lemon)
       Status: In Progress

** Affects: python-tornado (Ubuntu Bionic)
   Importance: Undecided
     Assignee: Heather Lemon (hypothetical-lemon)
       Status: In Progress

** Affects: python-tornado (Ubuntu Focal)
   Importance: Undecided
       Status: Fix Released

** Affects: python-tornado (Ubuntu Groovy)
   Importance: Undecided
       Status: Fix Released

** Affects: python-tornado (Ubuntu Hirsute)
   Importance: Undecided
       Status: Fix Released

** Tags: seg sts

--
Out of memory issue for websocket client
https://bugs.launchpad.net/bugs/1903733
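
The flow-control problem described under [Original Description], as an added example that is not part of the bug report and is not Tornado's code: it models the receive path with the standard-library asyncio only, comparing a deque the reader never waits on with a bounded queue whose put() suspends the reader. All names, FRAMES, SLOW_TICKS and QUEUE_LIMIT are assumptions made for the illustration.

```python
import asyncio
from collections import deque

FRAMES = 200     # constructed workload: frames a fast peer sends
SLOW_TICKS = 4   # handler needs 4 event-loop turns per frame; reader needs 1
QUEUE_LIMIT = 8  # assumed bound, not a value taken from the Tornado patch

async def _handle():
    for _ in range(SLOW_TICKS):
        await asyncio.sleep(0)

async def _unbounded():
    buf, stats = deque(), {"peak": 0, "handled": 0}
    async def reader():                  # never waits for the consumer
        for i in range(FRAMES):
            buf.append(i)
            stats["peak"] = max(stats["peak"], len(buf))
            await asyncio.sleep(0)       # go back for the next frame
    async def consumer():
        while stats["handled"] < FRAMES:
            if buf:
                buf.popleft()
                stats["handled"] += 1
                await _handle()
            else:
                await asyncio.sleep(0)
    await asyncio.gather(reader(), consumer())
    return stats["peak"], stats["handled"]

async def _bounded():
    q, stats = asyncio.Queue(maxsize=QUEUE_LIMIT), {"peak": 0, "handled": 0}
    async def reader():
        for i in range(FRAMES):
            await q.put(i)               # suspends while full: reading pauses
            stats["peak"] = max(stats["peak"], q.qsize())
    async def consumer():
        for _ in range(FRAMES):
            await q.get()
            stats["handled"] += 1
            await _handle()
    await asyncio.gather(reader(), consumer())
    return stats["peak"], stats["handled"]

def simulate(bounded):
    """Return (peak buffered frames, frames handled) for one model."""
    return asyncio.run(_bounded() if bounded else _unbounded())

if __name__ == "__main__":
    print("deque:", simulate(False), "queue:", simulate(True))
```

Both models handle every frame; only the peak number of buffered frames differs, which is the memory a slow consumer costs the process.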

