Public fix: Limit buffering on the QPACK encoder stream.

A malicious peer may block our stack from sending data on the QPACK encoder
stream (via flow control) while still generating traffic, causing an unlimited
amount of data to be buffered.  To prevent this from happening, this CL makes
QpackEncoder check if the amount of data currently buffered on the send encoder
stream exceeds 64 kB, and if so, it does not emit any further encoder stream
instructions.  It still encodes headers in a spec-compliant way using string
literals and references to static table entries and already emitted dynamic
table entries.

Note that since the buffered amount of data is only checked at the beginning of
encoding each header block, it might increase above the threshold by as much as
encoder stream instructions required to encode the header block.  However,
subsequent header blocks will not trigger any writes on the encoder stream until
the number of buffered bytes goes back below the threshold.

Protected by FLAGS_quic_reloadable_flag_quic_limit_encoder_stream_buffering.

PiperOrigin-RevId: 428482893
10 files changed
tree: 5ca7f892a117744bac9bb19bf6251f23be830790
  1. common/
  2. epoll_server/
  3. http2/
  4. quic/
  5. spdy/


QUICHE stands for QUIC, Http/2, Etc. It is Google‘s production-ready implementation of QUIC, HTTP/2, HTTP/3, and related protocols and tools. It powers Google’s servers, Chromium, Envoy, and other projects. It is actively developed and maintained.

There are two public QUICHE repositories. Either one may be used by embedders, as they are automatically kept in sync:

To embed QUICHE in your project, platform APIs need to be implemented and build files need to be created. Note that it is on the QUICHE team's roadmap to include default implementation for all platform APIs and to open-source build files. In the meanwhile, take a look at open source embedders like Chromium and Envoy to get started:

To contribute to QUICHE, follow instructions at

QUICHE is only supported on little-endian platforms.