Cloudflare's engineering team recently uncovered a bug in the hyper HTTP library during a rewrite of their Images service binding. The bug, present from hyper 0.10.x through the current 1.x releases, affects applications that use hyper's HTTP/2 implementation, particularly those managing large numbers of concurrent connections.
The issue lies in hyper's internal h2 connection management. Under specific conditions, the library would drop an HTTP/2 connection without properly notifying the application layer, leading to silently dropped requests and wasted resources. The bug was triggered when the application sent a RST_STREAM frame shortly after a HEADERS frame. In such cases, hyper's state machine would incorrectly treat the connection as closed for further requests, but would not propagate the error to the user's code.
- Concrete changes: The fix, implemented in hyper 0.14.27 and 1.1.5, ensures that the h2 connection close event is properly propagated when a RST_STREAM is sent immediately after headers. The patch modifies the internal dispatch logic in proto::h2::dispatch to correctly handle the GoAway and Reset states.
- The bug was discovered while Cloudflare was refactoring their Images binding to use a more modern hyper version. The team noticed that after switching from hyper 0.12 to 1.x, some requests were timing out without any error logs.
- Cloudflare contributed the fix upstream, and the hyper maintainers merged it promptly. Developers using hyper for HTTP/2 should update to the patched versions to avoid silent request drops.
For developers, this highlights the importance of thorough integration testing when upgrading dependencies, especially in high-concurrency environments. Even mature libraries like hyper can harbor subtle state-machine bugs that only manifest under specific load patterns.
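The failure mode and the kind of integration-test invariant that catches it can be shown with a small toy model. This is an added example, not Cloudflare's or hyper's code: every type and function name is hypothetical, and the trigger is simplified to "RST_STREAM is the frame sent right after HEADERS".

```rust
// Toy model of the failure described above, NOT hyper's code; all names are hypothetical.
#[derive(Debug, Clone, PartialEq)]
pub enum Outcome { Pending, Done, Failed(&'static str) }
#[derive(Debug, Clone, Copy)]
pub enum Frame { Headers(u32), RstStream(u32), Response(u32) }

pub struct Conn {
    open: bool,
    patched: bool,          // true: the close event reaches the callers
    last_was_headers: bool, // previous frame was HEADERS
    streams: Vec<(u32, Outcome)>,
}

impl Conn {
    pub fn new(patched: bool) -> Self {
        Conn { open: true, patched, last_was_headers: false, streams: Vec::new() }
    }
    // Resolve every pending stream matching `id` (None = all pending streams).
    fn resolve(&mut self, id: Option<u32>, new: Outcome) {
        for (sid, o) in self.streams.iter_mut() {
            if *o == Outcome::Pending && id.map_or(true, |i| i == *sid) { *o = new.clone(); }
        }
    }
    pub fn handle(&mut self, frame: Frame) {
        match frame {
            Frame::Headers(id) if !self.open && self.patched =>
                self.streams.push((id, Outcome::Failed("connection closed"))),
            // Unpatched and closed: the request is accepted but never answered.
            Frame::Headers(id) => self.streams.push((id, Outcome::Pending)),
            Frame::RstStream(id) => {
                self.resolve(Some(id), Outcome::Failed("reset by application"));
                if self.last_was_headers {
                    self.open = false; // trigger: RST_STREAM straight after HEADERS
                    if self.patched { self.resolve(None, Outcome::Failed("connection closed")); }
                }
            }
            Frame::Response(id) => if self.open { self.resolve(Some(id), Outcome::Done) },
        }
        self.last_was_headers = matches!(frame, Frame::Headers(_));
    }
}
/// Integration-test invariant: ids of requests that never received any result.
pub fn unresolved(frames: &[Frame], patched: bool) -> Vec<u32> {
    let mut c = Conn::new(patched);
    for f in frames { c.handle(*f); }
    c.streams.iter().filter(|(_, o)| *o == Outcome::Pending).map(|(id, _)| *id).collect()
}
fn main() {
    // Constructed frame sequence: stream 3 is reset immediately after its HEADERS.
    let f = [Frame::Headers(1), Frame::Headers(3), Frame::RstStream(3), Frame::Headers(5), Frame::Response(1)];
    println!("unpatched: {:?}, patched: {:?}", unresolved(&f, false), unresolved(&f, true));
}
```

The check worth carrying into a real test suite is the invariant itself: every submitted request must end in a response or an explicit error before the test deadline, never in silence.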