Skip to content

Fix StackOverflowError in caused by missing re-entrancy guard#11838

Open
ValentinZakharov wants to merge 1 commit into
masterfrom
vzakharov/fix-request-dispatcher-reentrancy-soe
Open

Fix StackOverflowError in caused by missing re-entrancy guard#11838
ValentinZakharov wants to merge 1 commit into
masterfrom
vzakharov/fix-request-dispatcher-reentrancy-soe

Conversation

@ValentinZakharov

Copy link
Copy Markdown
Contributor

What Does This Do

Adds a re-entrancy guard to RequestDispatcherAdvice so that when forward() is triggered recursively from inside setAttribute(), the advice skips immediately instead of running again.

Motivation

Production StackOverflowError in SAP Hybris/Spartacus (v1.63.0).

When tracing a RequestDispatcher.forward() call, the tracer injects propagation headers by calling request.setAttribute(). In Hybris, a custom request wrapper intercepts setAttribute() and fires another forward() - which the tracer instruments again, calling setAttribute() again:

image

The fix uses CallDepthThreadLocalMap - already present in AsyncContextInstrumentation for the same reason - to detect re-entrant calls and exit immediately.

Additional Notes

  • Nested forward()/include() calls made from a servlet body will no longer generate child spans. This is the same trade-off already accepted in AsyncContextInstrumentation.
  • A regression test is included that reproduces the Hybris re-dispatch pattern with a synthetic HttpServletRequestWrapper.

Contributor Checklist

  • Format the title according to the contribution guidelines
  • Assign the type: and (comp: or inst:) labels in addition to any other useful labels
  • Avoid using close, fix, or any linking keywords when referencing an issue
    Use solves instead, and assign the PR milestone to the issue
  • Update the CODEOWNERS file on source file addition, migration, or deletion
  • Update public documentation with any new configuration flags or behaviors
  • Add your completed PR to the merge queue by commenting /merge. You can also:
    • Customize the commit message associated with the merge with /merge --commit-message "..."
    • Remove your PR from the merge queue with /merge -c
    • Skip all merge queue checks with /merge -f --reason "reason"; please use this judiciously, as some checks do not run at the PR-level (note: the PR still needs to be mergeable, this will only skip the pre-merge build)
    • Get more information in this doc

Jira ticket: [PROJ-IDENT]

@ValentinZakharov ValentinZakharov self-assigned this Jul 2, 2026
@ValentinZakharov ValentinZakharov added type: bug Bug report and fix inst:servlet Servlet instrumentation labels Jul 2, 2026
@ValentinZakharov ValentinZakharov requested a review from a team as a code owner July 2, 2026 09:59
@ValentinZakharov ValentinZakharov requested review from ygree and removed request for a team July 2, 2026 09:59

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: f7e8144fd7

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

if (scope == null) {
return;
}
CallDepthThreadLocalMap.reset(RequestDispatcher.class);

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Keep the call-depth guard active through context restore

In the normal servlet dispatch path requestContext is non-null because the servlet advice stores DD_CONTEXT_ATTRIBUTE on the request, so resetting the call-depth guard before request.setAttribute(DD_CONTEXT_ATTRIBUTE, requestContext) reopens the same recursion window on exit. With wrappers that redispatch from setAttribute() (the production scenario this fixes), the restore call now starts another fully instrumented forward() while the dispatcher span is still active, which can repeat from each nested exit and still overflow; keep the guard set until after all advice-driven setAttribute calls have completed.

Useful? React with 👍 / 👎.

@dd-octo-sts

dd-octo-sts Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

🟢 Java Benchmark SLOs — All performance SLOs passed

Suite Status
Startup 🟢 pass

SLO thresholds are defined here based on automatically generated metrics. A warning is raised when results are within 5% of the threshold.

PR vs. master results
Scenario Candidate master Δ (95% CI of mean)
startup:insecure-bank:iast:Agent 14.00 s 13.91 s [-0.2%; +1.4%] (no difference)
startup:insecure-bank:tracing:Agent 12.99 s 13.00 s [-0.8%; +0.7%] (no difference)
startup:petclinic:appsec:Agent 16.87 s 16.49 s [+1.3%; +3.3%] (significantly worse)
startup:petclinic:iast:Agent 16.87 s 16.99 s [-1.6%; +0.2%] (no difference)
startup:petclinic:profiling:Agent 16.38 s 16.87 s [-7.2%; +1.3%] (no difference)
startup:petclinic:sca:Agent 16.93 s 16.76 s [+0.0%; +2.0%] (maybe worse)
startup:petclinic:tracing:Agent 16.02 s 15.72 s [-2.5%; +6.3%] (no difference)

Commit: f7e8144f · CI Pipeline · Benchmarking Platform UI


Load and DaCapo benchmarks can be triggered manually in the GitLab pipeline. Results will appear in the Benchmarking Platform UI after completion.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

inst:servlet Servlet instrumentation type: bug Bug report and fix

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant