diff options
author | Anna Henningsen <anna@addaleax.net> | 2019-08-10 02:30:35 +0300 |
---|---|---|
committer | Beth Griggs <Bethany.Griggs@uk.ibm.com> | 2019-08-15 17:19:39 +0300 |
commit | 7f11465572888340b4c7b399c1f46598d1c4ea50 (patch) | |
tree | f7c4b9029f33ea0c9134d87d6da56d7167dbd905 /test | |
parent | 2eb914ff5f1f3ddcbe91c50c5b0ae3fe565e2bba (diff) |
http2: do not create ArrayBuffers when no DATA received
Lazily allocate `ArrayBuffer`s for the contents of DATA frames.
Creating `ArrayBuffer`s is, sadly, not a cheap operation with V8.
This is part of performance improvements to mitigate CVE-2019-9513.
Together with the previous commit, these changes improve throughput
in the adversarial case by about 100 %, and there is little more
that we can do besides artificially limiting the rate of incoming
metadata frames (i.e. after this patch, CPU usage is virtually
exclusively in libnghttp2).
[This backport also applies changes from 83e1b9744317 and required
some manual work due to the lack of `AllocatedBuffer` on v10.x.]
Refs: https://github.com/nodejs/node/pull/26201
Backport-PR-URL: https://github.com/nodejs/node/pull/29123
PR-URL: https://github.com/nodejs/node/pull/29122
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Diffstat (limited to 'test')
-rw-r--r-- | test/sequential/test-http2-max-session-memory.js | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/test/sequential/test-http2-max-session-memory.js b/test/sequential/test-http2-max-session-memory.js index 644a20a3c88..f770ee11394 100644 --- a/test/sequential/test-http2-max-session-memory.js +++ b/test/sequential/test-http2-max-session-memory.js @@ -8,7 +8,7 @@ const http2 = require('http2'); // Test that maxSessionMemory Caps work -const largeBuffer = Buffer.alloc(1e6); +const largeBuffer = Buffer.alloc(2e6); const server = http2.createServer({ maxSessionMemory: 1 }); |