fix: request memory corruption on fallback (#1322)

**Description**

Currently, there is subtle request memory corruption due to sjson
ReplaceInPlace usage.

sjson modifies the original buffer when ReplaceInPlace is set. This
causes request memory corruption during sjson.SetBytesOption calls to
replace string(eg: model overwrite). This issue is always consistently
reproducible in fallback mode. It happens in other cases as well but not
evident as original request is not reused.

---------

Signed-off-by: Johnu George <[email protected]>
Co-authored-by: Takeshi Yoneda <[email protected]>

Author: johnugeorge

internal/extproc/chatcompletion_processor.go

@@ -118,7 +118,12 @@ func (c *chatCompletionProcessorRouterFilter) ProcessRequestBody(ctx context.Con
 		body.StreamOptions = &openai.StreamOptions{IncludeUsage: true}
 		// Rewrite the original bytes to include the stream_options.include_usage=true so that forcing the request body
 		// mutation, which uses this raw body, will also result in the stream_options.include_usage=true.
-		rawBody.Body, err = sjson.SetBytesOptions(rawBody.Body, "stream_options.include_usage", true, translator.SJSONOptions)
+		rawBody.Body, err = sjson.SetBytesOptions(rawBody.Body, "stream_options.include_usage", true, &sjson.Options{
+			Optimistic: true,
+			// Note: it is safe to do in-place replacement since this route level processor is executed once per request,
+			// and the result can be safely shared among possible multiple retries.
+			ReplaceInPlace: true,
+		})
 		if err != nil {
 			return nil, fmt.Errorf("failed to set stream_options: %w", err)
 		}

internal/extproc/completions_processor.go

@@ -108,7 +108,12 @@ func (c *completionsProcessorRouterFilter) ProcessRequestBody(_ context.Context,
 		body.StreamOptions = &openai.StreamOptions{IncludeUsage: true}
 		// Rewrite the original bytes to include the stream_options.include_usage=true so that forcing the request body
 		// mutation, which uses this raw body, will also result in the stream_options.include_usage=true.
-		rawBody.Body, err = sjson.SetBytesOptions(rawBody.Body, "stream_options.include_usage", true, translator.SJSONOptions)
+		rawBody.Body, err = sjson.SetBytesOptions(rawBody.Body, "stream_options.include_usage", true, &sjson.Options{
+			Optimistic: true,
+			// Note: it is safe to do in-place replacement since this route level processor is executed once per request,
+			// and the result can be safely shared among possible multiple retries.
+			ReplaceInPlace: true,
+		})
 		if err != nil {
 			return nil, fmt.Errorf("failed to set stream_options: %w", err)
 		}

internal/extproc/translator/openai_completions.go

@@ -51,7 +51,7 @@ func (o *openAIToOpenAITranslatorV1Completion) RequestBody(original []byte, req
 	var newBody []byte
 	if o.modelNameOverride != "" {
 		// If modelName is set we override the model to be used for the request.
-		newBody, err = sjson.SetBytesOptions(original, "model", o.modelNameOverride, SJSONOptions)
+		newBody, err = sjson.SetBytesOptions(original, "model", o.modelNameOverride, sjsonOptions)
 		if err != nil {
 			return nil, nil, fmt.Errorf("failed to set model name: %w", err)
 		}

internal/extproc/translator/openai_embeddings.go

@@ -44,7 +44,7 @@ func (o *openAIToOpenAITranslatorV1Embedding) RequestBody(original []byte, _ *op
 	var newBody []byte
 	if o.modelNameOverride != "" {
 		// If modelName is set we override the model to be used for the request.
-		newBody, err = sjson.SetBytesOptions(original, "model", o.modelNameOverride, SJSONOptions)
+		newBody, err = sjson.SetBytesOptions(original, "model", o.modelNameOverride, sjsonOptions)
 		if err != nil {
 			return nil, nil, fmt.Errorf("failed to set model name: %w", err)
 		}

internal/extproc/translator/openai_openai.go

@@ -56,7 +56,7 @@ func (o *openAIToOpenAITranslatorV1ChatCompletion) RequestBody(original []byte,
 	var newBody []byte
 	if o.modelNameOverride != "" {
 		// If modelName is set we override the model to be used for the request.
-		newBody, err = sjson.SetBytesOptions(original, "model", o.modelNameOverride, SJSONOptions)
+		newBody, err = sjson.SetBytesOptions(original, "model", o.modelNameOverride, sjsonOptions)
 		if err != nil {
 			return nil, nil, fmt.Errorf("failed to set model name: %w", err)
 		}

internal/extproc/translator/translator.go

@@ -215,9 +215,10 @@ type LLMTokenUsage struct {
 	TotalTokens uint32
 }
 
-// SJSONOptions are the options used for sjson operations in the translator.
-// This is also used outside the package to share the same options for consistency.
-var SJSONOptions = &sjson.Options{
-	Optimistic:     true,
-	ReplaceInPlace: true,
+// sjsonOptions are the options used for sjson operations in the translator.
+var sjsonOptions = &sjson.Options{
+	Optimistic: true,
+	// Note: DO NOT set ReplaceInPlace to true since at the translation layer, which might be called multiple times per retry,
+	// it must be ensured that the original body is not modified, i.e. the operation must be idempotent.
+	ReplaceInPlace: false,
 }

tests/extproc/envoy.yaml

@@ -38,6 +38,11 @@ static_resources:
                         retry_on: "5xx,gateway-error,reset,rest-before-request,connect-failure,envoy-ratelimited,retriable-4xx,refused-stream,retriable-status-codes,retriable-headers"
                         num_retries: 5
                         per_try_timeout: "30s"
+                        retry_priority:
+                          name: envoy.retry_priorities.previous_priorities
+                          typedConfig:
+                            "@type": type.googleapis.com/envoy.extensions.retry.priority.previous_priorities.v3.PreviousPrioritiesConfig
+                            updateFrequency: 1
                         retry_back_off:
                           base_interval: "0.1s"
                           max_interval: "1s"
@@ -209,6 +214,14 @@ static_resources:
                                   exact: gcp-anthropicai
                           route:
                             cluster: testupstream-gcp-anthropicai
+                        - match:
+                            prefix: "/"
+                            headers:
+                              - name: x-test-backend
+                                string_match:
+                                  exact: modelname-override-and-fallback
+                          route:
+                            cluster: testupstream-modelname-override-and-fallback
                 http_filters:
                   - name: envoy.filters.http.ext_proc
                     typed_config:
@@ -313,6 +326,76 @@ static_resources:
                   filter_metadata:
                     aigateway.envoy.io:
                       per_route_rule_backend_name: "testupstream-openai"
+    - name: testupstream-modelname-override-and-fallback
+      connect_timeout: 0.25s
+      type: STATIC
+      lb_policy: ROUND_ROBIN
+      outlier_detection:
+        consecutive_5xx: 1
+        interval: 1s
+        base_ejection_time: 2s # Must be smaller than the require.Eventually's interval. Otherwise, the tests may pass without going through the fallback since the always-failing backend could be ejected by the time when require.Eventually retries due to the previous request IF the retry is not configured.
+        max_ejection_percent: 100
+      typed_extension_protocol_options:
+        envoy.extensions.upstreams.http.v3.HttpProtocolOptions:
+          "@type": type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions
+          explicit_http_config:
+            http_protocol_options: {}
+          http_filters:
+            - name: upstream_extproc
+              typed_config:
+                "@type": type.googleapis.com/envoy.extensions.filters.http.ext_proc.v3.ExternalProcessor
+                request_attributes:
+                  - xds.upstream_host_metadata
+                processing_mode:
+                  request_header_mode: "SEND"
+                  request_body_mode: "NONE"
+                  response_header_mode: "SKIP"
+                  response_body_mode: "NONE"
+                grpc_service:
+                  envoy_grpc:
+                    cluster_name: extproc_cluster
+                metadataOptions:
+                  receivingNamespaces:
+                    untyped:
+                      - io.envoy.ai_gateway
+            - name: envoy.filters.http.header_mutation
+              typed_config:
+                "@type": type.googleapis.com/envoy.extensions.filters.http.header_mutation.v3.HeaderMutation
+                mutations:
+                  request_mutations:
+                    - append:
+                        append_action: ADD_IF_ABSENT
+                        header:
+                          key: content-length
+                          value: "%DYNAMIC_METADATA(io.envoy.ai_gateway:content_length)%"
+            - name: envoy.filters.http.upstream_codec
+              typed_config:
+                "@type": type.googleapis.com/envoy.extensions.filters.http.upstream_codec.v3.UpstreamCodec
+      load_assignment:
+        cluster_name: testupstream-modelname-override-and-fallback
+        endpoints:
+          - lb_endpoints:
+              - endpoint:
+                  address:
+                    socket_address:
+                      address: 127.0.0.1
+                      port_value: 8080
+                metadata:
+                  filter_metadata:
+                    aigateway.envoy.io:
+                      per_route_rule_backend_name: "testupstream-openai-5xx"
+            priority: 0 # Primary.
+          - lb_endpoints:
+              - endpoint:
+                  address:
+                    socket_address:
+                      address: 127.0.0.1
+                      port_value: 8080
+                metadata:
+                  filter_metadata:
+                    aigateway.envoy.io:
+                      per_route_rule_backend_name: "testupstream-openai-always-200"
+            priority: 1 # Secondary.
     - name: testupstream-modelname-override
       connect_timeout: 0.25s
       type: STATIC