Skip to content

Bug fix/race condition in get soap action #1167

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
andersjonsson merged 2 commits into from
Dec 11, 2025
Merged

Bug fix/race condition in get soap action #1167

andersjonsson merged 2 commits into from
Dec 11, 2025

Conversation

@erossignon
Copy link
Contributor

@erossignon erossignon commented Dec 10, 2025

fixes #1166

This commit addresses a critical thread-safety issue in the GetSoapAction
method when parsing the Content-Type header on .NET 8 and later.

The previous implementation could lead to a race condition where a buffer rented
from `ArrayPool<Range>.Shared` was returned more than once.
This double-return could cause memory corruption and unpredictable behavior under
high concurrent loads.

The fix consists of the following changes:

- A `try-finally` block is now used to ensure the rented buffer is returned to the
  pool exactly once, regardless of the execution path.
- The loops for parsing the header now `break` as soon as the `soapAction`
  is found, improving efficiency.
- Added boundary checks to prevent potential `IndexOutOfRangeException`
  when processing malformed headers.

Additionally, a new concurrency stress test, `GetSoapAction_IsThreadSafe`, has been added
to `SoapCore.Tests`.

This test uses `Parallel.For` to execute a high volume of concurrent calls to `GetSoapAction`,
verifying that the fix is robust and effectively prevents the race condition.

@erossignon
Fix: Change MessageFilter iteration to avoid array allocation
6b7dc09 
Replaced the use of `asyncMessageFilters.Reverse()` with a direct backward
for-loop iteration to prevent unnecessary array allocations, addressing
potential performance issues when processing response message filters.
@erossignon
fix(SoapCore): Ensure thread safety in HeadersHelper.GetSoapAction Di…
f39af08 
…gDes#1166

This commit addresses a critical thread-safety issue in the `GetSoapAction`
method when parsing the `Content-Type` header on .NET 8 and later.

The previous implementation could lead to a race condition where a buffer rented
from `ArrayPool<Range>.Shared` was returned more than once.
This double-return could cause memory corruption and unpredictable behavior under
high concurrent loads.

The fix consists of the following changes:

- A `try-finally` block is now used to ensure the rented buffer is returned to the
  pool exactly once, regardless of the execution path.
- The loops for parsing the header now `break` as soon as the `soapAction`
  is found, improving efficiency.
- Added boundary checks to prevent potential `IndexOutOfRangeException`
  when processing malformed headers.

Additionally, a new concurrency stress test, `GetSoapAction_IsThreadSafe`, has been added
to `SoapCore.Tests`.

This test uses `Parallel.For` to execute a high volume of concurrent calls to `GetSoapAction`,
verifying that the fix is robust and effectively prevents the race condition.

relates to issue DigDes#1166
@andersjonsson
Copy link
Collaborator

andersjonsson commented Dec 11, 2025

Nice, thank you!

@andersjonsson andersjonsson merged commit 55bbb2d into DigDes:develop Dec 11, 2025
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

thread-safety issue in HeadersHelper.GetSoapAction due to double-returning of ArrayPool buffer

2 participants

@erossignon @andersjonsson