Mark connections broken on protocol I/O failures#4549
Conversation
|
Hi, I’m Jit, a friendly security platform designed to help developers build secure applications from day zero with an MVS (Minimal viable security) mindset. In case there are security findings, they will be communicated to you as a comment inside the PR. Hope you’ll enjoy using Jit. Questions? Comments? Want to learn more? Get in touch with us. |
|
Thanks for the PR — the team will take a look as soon as we have free cycles. In the meantime, to get the formatting checks passing, please add the new files to the formatter config in pom.xml and run mvn format over them. That should resolve the current CI failures. |
|
Thanks for the guidance. I added the new test file to the formatter config, ran the formatter, and pushed the fix in 724d5ee. I also verified locally with:
The GitHub Actions workflows on the latest commit currently show as action_required, so I’m waiting for them to be approved/rerun. |
|
@lh0156 |
There was a problem hiding this comment.
Pull request overview
This PR hardens redis.clients.jedis.Connection error handling so that protocol I/O failures (write/flush/read/push paths) reliably mark a connection as broken, preventing pooled connections with potentially contaminated RESP state from being reused (fixes #4278).
Changes:
- Update
Connectionto mark broken on protocol send/flush/read/push failures (notablyJedisConnectionExceptionandError) and to reject reads/writes once broken. - Preserve the existing “read Redis error line if possible” diagnostic when
sendCommandfails, while ensuring the connection is already marked broken first. - Add comprehensive unit coverage for serialization/write failures, protocol read failures, push read failures, and pool invalidation behavior; register the test in the formatter plugin includes.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| src/main/java/redis/clients/jedis/Connection.java | Marks connections broken on key protocol failure paths and adds broken-state guards. |
| src/test/java/redis/clients/jedis/ConnectionErrorHandlingTest.java | Adds focused tests covering broken-state behavior across send/flush/read/push and pool invalidation scenarios. |
| pom.xml | Registers the new test file in the formatter plugin includes list. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
atakavci
left a comment
There was a problem hiding this comment.
i suggest to investigate if connect outside of tyry-block 💯 safe
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Reviewed by Cursor Bugbot for commit cd826b2. Configure here.
9d725fa to
cd826b2
Compare
|
Nice work! I did another review pass, and I think the main remaining gap is hardening the Specifically, there is still a window in |
|
Thanks for the review. I addressed the remaining After a command is sent, reply consumption now goes through For I also added regression coverage for the builder lookup case and verified locally with: mvn -B -Dwith-param-names=true -Dtest=ConnectionErrorHandlingTest test |
- Wrap healthy-connection tests in try-with-resources - Suppress resource lint on tests using failing output streams - Add dedicated close-on-broken-flush tests
0fb52b7 to
a90040e
Compare

Fixes #4278.
Summary
Connectionbroken when protocol send/read/push paths fail withJedisConnectionExceptionorError.Motivation
If a pooled connection fails while RESP bytes are being written or read, the connection can retain partial or stale protocol state. Returning that connection to the pool as healthy can allow a later borrower to read stale data.
Redis error replies are still valid protocol responses, so
JedisDataExceptionpaths continue to leave the connection reusable.Notes
sendCommandis preserved.Testing
/Users/developseop/.m2/wrapper/dists/apache-maven-3.9.15/9925cc1d/bin/mvn -B -Dwith-param-names=true -Dtest=ConnectionErrorHandlingTest test/Users/developseop/.m2/wrapper/dists/apache-maven-3.9.15/9925cc1d/bin/mvn -B -Dwith-param-names=true -Dnet.bytebuddy.experimental=true testNote
High Risk
Changes core connection lifecycle used by every pooled client; incorrect broken vs healthy classification could discard good connections or return stale RESP state to the pool.
Overview
Connectionnow consistently marks itself broken on RESP send/read/push failures (JedisConnectionException, I/O/RuntimeExceptionduring writes, andError), whileJedisDataExceptionand post-read builder failures still leave the connection reusable.New
markBrokenhelpers centralize that behavior;sendCommandchecksbrokenbefore writing (skipping diagnostic Redis error reads on already-broken sockets);flushandreadProtocolWithCheckingBrokenreject further I/O on broken connections;readReplyAfterCommandSentwraps reply reads soErrorduringexecuteCommandalso breaks the connection. Write failures still run the optional Redis-ERRline enrichment only after marking broken.Adds
ConnectionErrorHandlingTest(fake sockets, pool invalidation vs healthy reuse on data errors) and registers it in the formatterpom.touchintegration tests now assertOBJECT IDLETIMEis in 0–1 after touch instead of exactly 0.Reviewed by Cursor Bugbot for commit 6641f2c. Bugbot is set up for automated code reviews on this repo. Configure here.