'Corrupt deflate stream' error on some websites (curl and Firefox are fine) #84
Comments
|
If I understand things correctly, you should be able to get the compressed response using |
|
I tried In all cases, the actual body seems to be decompressed completely. I therefore wonder whether the content length reported by the server is correct... |
|
Here is the body of the above request attached: body.gz It came with the headers: gzip does not seem to like it either: but that also suggesta that the unexpected EOF I got using the |
|
From reading into cURL's source, my initial guess would be that its handling of expected but ignored trailer bytes in https://github.com/curl/curl/blob/ecb13416e316fc1c781f865d2bb7e74462ef793b/lib/content_encoding.c#L135 might make the difference... |
|
And cURL's seems ignore an error condition which I do not understand yet: https://github.com/curl/curl/blob/ecb13416e316fc1c781f865d2bb7e74462ef793b/lib/content_encoding.c#L221 |
|
I wonder if we could bypass this issue by simply sending Worst case, gzip is not supported and the content is sent in plain. |
|
I think we might be running into these kind of errors. |
|
I've also seen 20 "invalid gzip header" errors in the top 1M. Here's the data: invalid-gzip-header.tar.gz That does sound like the issues with "deflate" encoding that the article talks about. |
I do not yet understand is how this relates to my tests against The error message comes from https://github.com/rust-lang/flate2-rs/blob/90d9e5ed866742ce8b3946d156830e300d1e5aab/src/zio.rs#L152 and this code is generic w.r.t. to gzip or deflate headers, so I don't think it refers to the actual format in use. |
|
I tried playing with the accept endoing header that we send to |
While I agree in principle, the observation that both cURL and Firefox are able to handle this suggests there are workarounds. Especially, even us and |
|
For what it's worth, I did a test with reqwest, and it seems like it also has this problem. It would be neat to get to the bottom of this and fix it across the ecosystem. use reqwest::blocking::Client;
fn main() -> Result<(), reqwest::Error> {
let client = Client::new();
let req = client
.get("http://landolts.com")
.header("Accept-Encoding", "gzip")
.build()?;
println!("{:?}", req.headers());
let resp = client.execute(req)?;
println!("{}", resp.text()?);
Ok(())
} |
|
I think we might be able to find some information on this stack overflow answer by Mark Adler. |
|
I have the same test code implemented for 4 clients and growing in https://github.com/Shnatsel/rust-http-clients-smoke-test, it might come in handy for comparing behavior between clients. |
|
My current guess is that But admittedly, I am not very confident in my reading of the cURL code. But at least, missing CRC and size information would explain why the body is completely decompressed and only then an error is raised. It would also make sense to e.g. give |
|
Golang's http library has this issue as well. Looks like curl is one of the few places that figured it out. |
Some websites, such as
hajime.us, fail to load using attohttpc:Io Error: corrupt deflate stream. They load fine using Firefox and the curl command-line tool.Tested using this code. Test tool output from all affected websites: attohttpc-deflate-corrupt-stream.tar.gz
40 websites out of the top million from Feb 3 Tranco list are affected.
I suspect this is an issue with the underlying DEFLATE implementation, but assistance in isolating the failure (e.g. dumping the DEFLATE stream so I could report a bug against miniz_oxide) would be appreciated.
The text was updated successfully, but these errors were encountered: