grpc 1.55.3 → 1.56.0.pre3

data/src/core/ext/transport/chttp2/transport/hpack_parser.cc

@@ -24,6 +24,7 @@
 #include <stdlib.h>
 
 #include <algorithm>
+#include <initializer_list>
 #include <string>
 #include <utility>
 
@@ -31,22 +32,21 @@
 #include "absl/status/status.h"
 #include "absl/strings/match.h"
 #include "absl/strings/str_cat.h"
+#include "absl/strings/str_format.h"
 #include "absl/strings/string_view.h"
 #include "absl/types/optional.h"
 #include "absl/types/span.h"
 #include "absl/types/variant.h"
 
-#include <grpc/slice.h>
 #include <grpc/support/log.h>
 
 #include "src/core/ext/transport/chttp2/transport/decode_huff.h"
 #include "src/core/ext/transport/chttp2/transport/hpack_constants.h"
-#include "src/core/ext/transport/chttp2/transport/hpack_parse_result.h"
-#include "src/core/ext/transport/chttp2/transport/hpack_parser_table.h"
 #include "src/core/lib/debug/stats.h"
 #include "src/core/lib/debug/stats_data.h"
 #include "src/core/lib/debug/trace.h"
-#include "src/core/lib/gprpp/match.h"
+#include "src/core/lib/gprpp/crash.h"
+#include "src/core/lib/gprpp/status_helper.h"
 #include "src/core/lib/slice/slice.h"
 #include "src/core/lib/slice/slice_refcount.h"
 #include "src/core/lib/surface/validate_metadata.h"
@@ -82,6 +82,39 @@ struct Base64InverseTable {
 
 constexpr Base64InverseTable kBase64InverseTable;
 
+absl::Status EnsureStreamError(absl::Status error) {
+  if (error.ok()) return error;
+  return grpc_error_set_int(std::move(error), StatusIntProperty::kStreamId, 0);
+}
+
+bool IsStreamError(const absl::Status& status) {
+  intptr_t stream_id;
+  return grpc_error_get_int(status, StatusIntProperty::kStreamId, &stream_id);
+}
+
+class MetadataSizeLimitExceededEncoder {
+ public:
+  explicit MetadataSizeLimitExceededEncoder(std::string& summary)
+      : summary_(summary) {}
+
+  void Encode(const Slice& key, const Slice& value) {
+    AddToSummary(key.as_string_view(), value.size());
+  }
+
+  template <typename Key, typename Value>
+  void Encode(Key, const Value& value) {
+    AddToSummary(Key::key(), EncodedSizeOfKey(Key(), value));
+  }
+
+ private:
+  void AddToSummary(absl::string_view key,
+                    size_t value_length) GPR_ATTRIBUTE_NOINLINE {
+    absl::StrAppend(&summary_, " ", key, ":",
+                    hpack_constants::SizeForEntry(key.size(), value_length),
+                    "B");
+  }
+  std::string& summary_;
+};
 }  // namespace
 
 // Input tracks the current byte through the input data and provides it
@@ -89,12 +122,11 @@ constexpr Base64InverseTable kBase64InverseTable;
 class HPackParser::Input {
  public:
   Input(grpc_slice_refcount* current_slice_refcount, const uint8_t* begin,
-        const uint8_t* end, HpackParseResult& error)
+        const uint8_t* end)
       : current_slice_refcount_(current_slice_refcount),
         begin_(begin),
         end_(end),
-        frontier_(begin),
-        error_(error) {}
+        frontier_(begin) {}
 
   // If input is backed by a slice, retrieve its refcount. If not, return
   // nullptr.
@@ -124,7 +156,7 @@ class HPackParser::Input {
   // of stream
   absl::optional<uint8_t> Next() {
     if (end_of_stream()) {
-      UnexpectedEOF(/*min_progress_size=*/1);
+      UnexpectedEOF();
       return absl::optional<uint8_t>();
     }
     return *begin_++;
@@ -170,16 +202,9 @@ class HPackParser::Input {
 
     // Spec weirdness: we can add an infinite stream of 0x80 at the end of a
     // varint and still end up with a correctly encoded varint.
-    // We allow up to 16 just for kicks, but any more and we'll assume the
-    // sender is being malicious.
-    int num_redundant_0x80 = 0;
     do {
       cur = Next();
       if (!cur.has_value()) return {};
-      ++num_redundant_0x80;
-      if (num_redundant_0x80 == 16) {
-        return ParseVarintMaliciousEncoding();
-      }
     } while (*cur == 0x80);
 
     // BUT... the last byte needs to be 0x00 or we'll overflow dramatically!
@@ -187,6 +212,14 @@ class HPackParser::Input {
     return ParseVarintOutOfRange(value, *cur);
   }
 
+  // Prefix for a string
+  struct StringPrefix {
+    // Number of bytes in input for string
+    uint32_t length;
+    // Is it huffman compressed
+    bool huff;
+  };
+
   // Parse a string prefix
   absl::optional<StringPrefix> ParseStringPrefix() {
     auto cur = Next();
@@ -210,13 +243,17 @@ class HPackParser::Input {
     return StringPrefix{strlen, huff};
   }
 
-  // Check if we saw an EOF
+  // Check if we saw an EOF.. must be verified before looking at TakeError
   bool eof_error() const {
-    return min_progress_size_ != 0 || error_.connection_error();
+    return eof_error_ || (!error_.ok() && !IsStreamError(error_));
   }
 
-  // Minimum number of bytes to unstuck the current parse
-  size_t min_progress_size() const { return min_progress_size_; }
+  // Extract the parse error, leaving the current error as NONE.
+  grpc_error_handle TakeError() {
+    grpc_error_handle out = error_;
+    error_ = absl::OkStatus();
+    return out;
+  }
 
   bool has_error() const { return !error_.ok(); }
 
@@ -224,55 +261,31 @@ class HPackParser::Input {
   // chttp2 does not close the connection.
   // Intended for errors that are specific to a stream and recoverable.
   // Callers should ensure that any hpack table updates happen.
-  void SetErrorAndContinueParsing(HpackParseResult error) {
-    GPR_DEBUG_ASSERT(error.stream_error());
-    SetError(std::move(error));
+  GPR_ATTRIBUTE_NOINLINE void SetErrorAndContinueParsing(
+      grpc_error_handle error) {
+    GPR_ASSERT(!error.ok());
+    // StreamId is used as a signal to skip this stream but keep the connection
+    // alive
+    SetError(EnsureStreamError(std::move(error)));
   }
 
   // Set the current error, and skip past remaining bytes.
   // Intended for unrecoverable errors, with the expectation that they will
   // close the connection on return to chttp2.
-  void SetErrorAndStopParsing(HpackParseResult error) {
-    GPR_DEBUG_ASSERT(error.connection_error());
+  GPR_ATTRIBUTE_NOINLINE void SetErrorAndStopParsing(grpc_error_handle error) {
+    GPR_ASSERT(!error.ok());
     SetError(std::move(error));
     begin_ = end_;
   }
 
-  // Set the error to an unexpected eof.
-  // min_progress_size: how many bytes beyond the current frontier do we need to
-  // read prior to being able to get further in this parse.
-  void UnexpectedEOF(size_t min_progress_size) {
-    GPR_ASSERT(min_progress_size > 0);
-    if (min_progress_size_ != 0 || error_.connection_error()) {
-      GPR_DEBUG_ASSERT(eof_error());
-      return;
-    }
-    // Set min progress size, taking into account bytes parsed already but not
-    // consumed.
-    min_progress_size_ = min_progress_size + (begin_ - frontier_);
-    GPR_DEBUG_ASSERT(eof_error());
+  // Set the error to an unexpected eof
+  void UnexpectedEOF() {
+    if (!error_.ok() && !IsStreamError(error_)) return;
+    eof_error_ = true;
   }
 
   // Update the frontier - signifies we've successfully parsed another element
-  void UpdateFrontier() {
-    GPR_DEBUG_ASSERT(skip_bytes_ == 0);
-    frontier_ = begin_;
-  }
-
-  void UpdateFrontierAndSkipBytes(size_t skip_bytes) {
-    UpdateFrontier();
-    size_t remaining = end_ - begin_;
-    if (skip_bytes >= remaining) {
-      // If we have more bytes to skip than we have remaining in this buffer
-      // then we skip over what's there and stash that we need to skip some
-      // more.
-      skip_bytes_ = skip_bytes - remaining;
-      frontier_ = end_;
-    } else {
-      // Otherwise we zoom through some bytes and continue parsing.
-      frontier_ += skip_bytes_;
-    }
-  }
+  void UpdateFrontier() { frontier_ = begin_; }
 
   // Get the frontier - for buffering should we fail due to eof
   const uint8_t* frontier() const { return frontier_; }
@@ -281,23 +294,19 @@ class HPackParser::Input {
   // Helper to set the error to out of range for ParseVarint
   absl::optional<uint32_t> ParseVarintOutOfRange(uint32_t value,
                                                  uint8_t last_byte) {
-    SetErrorAndStopParsing(
-        HpackParseResult::VarintOutOfRangeError(value, last_byte));
-    return absl::optional<uint32_t>();
-  }
-
-  // Helper to set the error in the case of a malicious encoding
-  absl::optional<uint32_t> ParseVarintMaliciousEncoding() {
-    SetErrorAndStopParsing(HpackParseResult::MaliciousVarintEncodingError());
+    SetErrorAndStopParsing(absl::InternalError(absl::StrFormat(
+        "integer overflow in hpack integer decoding: have 0x%08x, "
+        "got byte 0x%02x on byte 5",
+        value, last_byte)));
     return absl::optional<uint32_t>();
   }
 
   // If no error is set, set it to the given error (i.e. first error wins)
   // Do not use this directly, instead use SetErrorAndContinueParsing or
   // SetErrorAndStopParsing.
-  void SetError(HpackParseResult error) {
-    if (!error_.ok() || min_progress_size_ > 0) {
-      if (error.connection_error() && !error_.connection_error()) {
+  void SetError(grpc_error_handle error) {
+    if (!error_.ok() || eof_error_) {
+      if (!IsStreamError(error) && IsStreamError(error_)) {
         error_ = std::move(error);  // connection errors dominate
       }
       return;
@@ -314,156 +323,211 @@ class HPackParser::Input {
   // Frontier denotes the first byte past successfully processed input
   const uint8_t* frontier_;
   // Current error
-  HpackParseResult& error_;
-  // If the error was EOF, we flag it here by noting how many more bytes would
-  // be needed to make progress
-  size_t min_progress_size_ = 0;
-  // Number of bytes that should be skipped before parsing resumes.
-  // (We've failed parsing a request for whatever reason, but we're still
-  // continuing the connection so we need to see future opcodes after this bit).
-  size_t skip_bytes_ = 0;
+  grpc_error_handle error_;
+  // If the error was EOF, we flag it here..
+  bool eof_error_ = false;
 };
 
-absl::string_view HPackParser::String::string_view() const {
-  if (auto* p = absl::get_if<Slice>(&value_)) {
-    return p->as_string_view();
-  } else if (auto* p = absl::get_if<absl::Span<const uint8_t>>(&value_)) {
-    return absl::string_view(reinterpret_cast<const char*>(p->data()),
-                             p->size());
-  } else if (auto* p = absl::get_if<std::vector<uint8_t>>(&value_)) {
-    return absl::string_view(reinterpret_cast<const char*>(p->data()),
-                             p->size());
+// Helper to parse a string and turn it into a slice with appropriate memory
+// management characteristics
+class HPackParser::String {
+ public:
+  // ParseResult carries both a ParseStatus and the parsed string
+  struct ParseResult;
+  // Result of parsing a string
+  enum class ParseStatus {
+    // Parsed OK
+    kOk,
+    // Parse reached end of the current frame
+    kEof,
+    // Parse failed due to a huffman decode error
+    kParseHuffFailed,
+    // Parse failed due to a base64 decode error
+    kUnbase64Failed,
+  };
+
+  String() : value_(absl::Span<const uint8_t>()) {}
+  String(const String&) = delete;
+  String& operator=(const String&) = delete;
+  String(String&& other) noexcept : value_(std::move(other.value_)) {
+    other.value_ = absl::Span<const uint8_t>();
+  }
+  String& operator=(String&& other) noexcept {
+    value_ = std::move(other.value_);
+    other.value_ = absl::Span<const uint8_t>();
+    return *this;
   }
-  GPR_UNREACHABLE_CODE(return absl::string_view());
-}
 
-template <typename Out>
-HpackParseStatus HPackParser::String::ParseHuff(Input* input, uint32_t length,
-                                                Out output) {
-  // If there's insufficient bytes remaining, return now.
-  if (input->remaining() < length) {
-    input->UnexpectedEOF(/*min_progress_size=*/length);
-    return HpackParseStatus::kEof;
+  // Take the value and leave this empty
+  Slice Take();
+
+  // Return a reference to the value as a string view
+  absl::string_view string_view() const {
+    if (auto* p = absl::get_if<Slice>(&value_)) {
+      return p->as_string_view();
+    } else if (auto* p = absl::get_if<absl::Span<const uint8_t>>(&value_)) {
+      return absl::string_view(reinterpret_cast<const char*>(p->data()),
+                               p->size());
+    } else if (auto* p = absl::get_if<std::vector<uint8_t>>(&value_)) {
+      return absl::string_view(reinterpret_cast<const char*>(p->data()),
+                               p->size());
+    }
+    GPR_UNREACHABLE_CODE(return absl::string_view());
   }
-  // Grab the byte range, and iterate through it.
-  const uint8_t* p = input->cur_ptr();
-  input->Advance(length);
-  return HuffDecoder<Out>(output, p, p + length).Run()
-             ? HpackParseStatus::kOk
-             : HpackParseStatus::kParseHuffFailed;
-}
 
-struct HPackParser::String::StringResult {
-  StringResult() = delete;
-  StringResult(HpackParseStatus status, size_t wire_size, String value)
-      : status(status), wire_size(wire_size), value(std::move(value)) {}
-  HpackParseStatus status;
-  size_t wire_size;
-  String value;
-};
+  // Parse a non-binary string
+  static ParseResult Parse(Input* input);
 
-HPackParser::String::StringResult HPackParser::String::ParseUncompressed(
-    Input* input, uint32_t length, uint32_t wire_size) {
-  // Check there's enough bytes
-  if (input->remaining() < length) {
-    input->UnexpectedEOF(/*min_progress_size=*/length);
-    GPR_DEBUG_ASSERT(input->eof_error());
-    return StringResult{HpackParseStatus::kEof, wire_size, String{}};
-  }
-  auto* refcount = input->slice_refcount();
-  auto* p = input->cur_ptr();
-  input->Advance(length);
-  if (refcount != nullptr) {
-    return StringResult{HpackParseStatus::kOk, wire_size,
-                        String(refcount, p, p + length)};
-  } else {
-    return StringResult{HpackParseStatus::kOk, wire_size,
-                        String(absl::Span<const uint8_t>(p, length))};
-  }
-}
+  // Parse a binary string
+  static ParseResult ParseBinary(Input* input);
 
-absl::optional<std::vector<uint8_t>> HPackParser::String::Unbase64Loop(
-    const uint8_t* cur, const uint8_t* end) {
-  while (cur != end && end[-1] == '=') {
-    --end;
+ private:
+  void AppendBytes(const uint8_t* data, size_t length);
+  explicit String(std::vector<uint8_t> v) : value_(std::move(v)) {}
+  explicit String(absl::Span<const uint8_t> v) : value_(v) {}
+  String(grpc_slice_refcount* r, const uint8_t* begin, const uint8_t* end)
+      : value_(Slice::FromRefcountAndBytes(r, begin, end)) {}
+
+  // Parse some huffman encoded bytes, using output(uint8_t b) to emit each
+  // decoded byte.
+  template <typename Out>
+  static ParseStatus ParseHuff(Input* input, uint32_t length, Out output) {
+    // If there's insufficient bytes remaining, return now.
+    if (input->remaining() < length) {
+      input->UnexpectedEOF();
+      GPR_DEBUG_ASSERT(input->eof_error());
+      return ParseStatus::kEof;
+    }
+    // Grab the byte range, and iterate through it.
+    const uint8_t* p = input->cur_ptr();
+    input->Advance(length);
+    return HuffDecoder<Out>(output, p, p + length).Run()
+               ? ParseStatus::kOk
+               : ParseStatus::kParseHuffFailed;
   }
 
-  std::vector<uint8_t> out;
-  out.reserve(3 * (end - cur) / 4 + 3);
-
-  // Decode 4 bytes at a time while we can
-  while (end - cur >= 4) {
-    uint32_t bits = kBase64InverseTable.table[*cur];
-    if (bits > 63) return {};
-    uint32_t buffer = bits << 18;
-    ++cur;
-
-    bits = kBase64InverseTable.table[*cur];
-    if (bits > 63) return {};
-    buffer |= bits << 12;
-    ++cur;
-
-    bits = kBase64InverseTable.table[*cur];
-    if (bits > 63) return {};
-    buffer |= bits << 6;
-    ++cur;
-
-    bits = kBase64InverseTable.table[*cur];
-    if (bits > 63) return {};
-    buffer |= bits;
-    ++cur;
-
-    out.insert(out.end(), {static_cast<uint8_t>(buffer >> 16),
-                           static_cast<uint8_t>(buffer >> 8),
-                           static_cast<uint8_t>(buffer)});
-  }
-  // Deal with the last 0, 1, 2, or 3 bytes.
-  switch (end - cur) {
-    case 0:
-      return out;
-    case 1:
-      return {};
-    case 2: {
-      uint32_t bits = kBase64InverseTable.table[*cur];
-      if (bits > 63) return {};
-      uint32_t buffer = bits << 18;
+  // Parse some uncompressed string bytes.
+  static ParseResult ParseUncompressed(Input* input, uint32_t length,
+                                       uint32_t wire_size);
 
-      ++cur;
-      bits = kBase64InverseTable.table[*cur];
-      if (bits > 63) return {};
-      buffer |= bits << 12;
+  // Turn base64 encoded bytes into not base64 encoded bytes.
+  static ParseResult Unbase64(String s);
 
-      if (buffer & 0xffff) return {};
-      out.push_back(static_cast<uint8_t>(buffer >> 16));
-      return out;
+  // Main loop for Unbase64
+  static absl::optional<std::vector<uint8_t>> Unbase64Loop(const uint8_t* cur,
+                                                           const uint8_t* end) {
+    while (cur != end && end[-1] == '=') {
+      --end;
     }
-    case 3: {
+
+    std::vector<uint8_t> out;
+    out.reserve(3 * (end - cur) / 4 + 3);
+
+    // Decode 4 bytes at a time while we can
+    while (end - cur >= 4) {
       uint32_t bits = kBase64InverseTable.table[*cur];
       if (bits > 63) return {};
       uint32_t buffer = bits << 18;
-
       ++cur;
+
       bits = kBase64InverseTable.table[*cur];
       if (bits > 63) return {};
       buffer |= bits << 12;
-
       ++cur;
+
       bits = kBase64InverseTable.table[*cur];
       if (bits > 63) return {};
       buffer |= bits << 6;
+      ++cur;
 
+      bits = kBase64InverseTable.table[*cur];
+      if (bits > 63) return {};
+      buffer |= bits;
       ++cur;
-      if (buffer & 0xff) return {};
-      out.push_back(static_cast<uint8_t>(buffer >> 16));
-      out.push_back(static_cast<uint8_t>(buffer >> 8));
-      return out;
+
+      out.insert(out.end(), {static_cast<uint8_t>(buffer >> 16),
+                             static_cast<uint8_t>(buffer >> 8),
+                             static_cast<uint8_t>(buffer)});
     }
+    // Deal with the last 0, 1, 2, or 3 bytes.
+    switch (end - cur) {
+      case 0:
+        return out;
+      case 1:
+        return {};
+      case 2: {
+        uint32_t bits = kBase64InverseTable.table[*cur];
+        if (bits > 63) return {};
+        uint32_t buffer = bits << 18;
+
+        ++cur;
+        bits = kBase64InverseTable.table[*cur];
+        if (bits > 63) return {};
+        buffer |= bits << 12;
+
+        if (buffer & 0xffff) return {};
+        out.push_back(static_cast<uint8_t>(buffer >> 16));
+        return out;
+      }
+      case 3: {
+        uint32_t bits = kBase64InverseTable.table[*cur];
+        if (bits > 63) return {};
+        uint32_t buffer = bits << 18;
+
+        ++cur;
+        bits = kBase64InverseTable.table[*cur];
+        if (bits > 63) return {};
+        buffer |= bits << 12;
+
+        ++cur;
+        bits = kBase64InverseTable.table[*cur];
+        if (bits > 63) return {};
+        buffer |= bits << 6;
+
+        ++cur;
+        if (buffer & 0xff) return {};
+        out.push_back(static_cast<uint8_t>(buffer >> 16));
+        out.push_back(static_cast<uint8_t>(buffer >> 8));
+        return out;
+      }
+    }
+
+    GPR_UNREACHABLE_CODE(return out;);
   }
 
-  GPR_UNREACHABLE_CODE(return out;);
+  absl::variant<Slice, absl::Span<const uint8_t>, std::vector<uint8_t>> value_;
+};
+
+struct HPackParser::String::ParseResult {
+  ParseResult() = delete;
+  ParseResult(ParseStatus status, size_t wire_size, String value)
+      : status(status), wire_size(wire_size), value(std::move(value)) {}
+  ParseStatus status;
+  size_t wire_size;
+  String value;
+};
+
+HPackParser::String::ParseResult HPackParser::String::ParseUncompressed(
+    Input* input, uint32_t length, uint32_t wire_size) {
+  // Check there's enough bytes
+  if (input->remaining() < length) {
+    input->UnexpectedEOF();
+    GPR_DEBUG_ASSERT(input->eof_error());
+    return ParseResult{ParseStatus::kEof, wire_size, String{}};
+  }
+  auto* refcount = input->slice_refcount();
+  auto* p = input->cur_ptr();
+  input->Advance(length);
+  if (refcount != nullptr) {
+    return ParseResult{ParseStatus::kOk, wire_size,
+                       String(refcount, p, p + length)};
+  } else {
+    return ParseResult{ParseStatus::kOk, wire_size,
+                       String(absl::Span<const uint8_t>(p, length))};
+  }
 }
 
-HPackParser::String::StringResult HPackParser::String::Unbase64(String s) {
+HPackParser::String::ParseResult HPackParser::String::Unbase64(String s) {
   absl::optional<std::vector<uint8_t>> result;
   if (auto* p = absl::get_if<Slice>(&s.value_)) {
     result = Unbase64Loop(p->begin(), p->end());
@@ -475,38 +539,46 @@ HPackParser::String::StringResult HPackParser::String::Unbase64(String s) {
     result = Unbase64Loop(p->data(), p->data() + p->size());
   }
   if (!result.has_value()) {
-    return StringResult{HpackParseStatus::kUnbase64Failed,
-                        s.string_view().length(), String{}};
+    return ParseResult{ParseStatus::kUnbase64Failed, s.string_view().length(),
+                       String{}};
   }
-  return StringResult{HpackParseStatus::kOk, s.string_view().length(),
-                      String(std::move(*result))};
+  return ParseResult{ParseStatus::kOk, s.string_view().length(),
+                     String(std::move(*result))};
 }
 
-HPackParser::String::StringResult HPackParser::String::Parse(Input* input,
-                                                             bool is_huff,
-                                                             size_t length) {
-  if (is_huff) {
+HPackParser::String::ParseResult HPackParser::String::Parse(Input* input) {
+  auto pfx = input->ParseStringPrefix();
+  if (!pfx.has_value()) {
+    GPR_DEBUG_ASSERT(input->eof_error());
+    return ParseResult{ParseStatus::kEof, 0, String{}};
+  }
+  if (pfx->huff) {
     // Huffman coded
     std::vector<uint8_t> output;
-    HpackParseStatus sts =
-        ParseHuff(input, length, [&output](uint8_t c) { output.push_back(c); });
+    ParseStatus sts = ParseHuff(input, pfx->length,
+                                [&output](uint8_t c) { output.push_back(c); });
     size_t wire_len = output.size();
-    return StringResult{sts, wire_len, String(std::move(output))};
+    return ParseResult{sts, wire_len, String(std::move(output))};
   }
-  return ParseUncompressed(input, length, length);
+  return ParseUncompressed(input, pfx->length, pfx->length);
 }
 
-HPackParser::String::StringResult HPackParser::String::ParseBinary(
-    Input* input, bool is_huff, size_t length) {
-  if (!is_huff) {
-    if (length > 0 && input->peek() == 0) {
+HPackParser::String::ParseResult HPackParser::String::ParseBinary(
+    Input* input) {
+  auto pfx = input->ParseStringPrefix();
+  if (!pfx.has_value()) {
+    GPR_DEBUG_ASSERT(input->eof_error());
+    return ParseResult{ParseStatus::kEof, 0, String{}};
+  }
+  if (!pfx->huff) {
+    if (pfx->length > 0 && input->peek() == 0) {
       // 'true-binary'
       input->Advance(1);
-      return ParseUncompressed(input, length - 1, length);
+      return ParseUncompressed(input, pfx->length - 1, pfx->length);
     }
     // Base64 encoded... pull out the string, then unbase64 it
-    auto base64 = ParseUncompressed(input, length, length);
-    if (base64.status != HpackParseStatus::kOk) return base64;
+    auto base64 = ParseUncompressed(input, pfx->length, pfx->length);
+    if (base64.status != ParseStatus::kOk) return base64;
     return Unbase64(std::move(base64.value));
   } else {
     // Huffman encoded...
@@ -515,35 +587,36 @@ HPackParser::String::StringResult HPackParser::String::ParseBinary(
     // and what is it.
     enum class State { kUnsure, kBinary, kBase64 };
     State state = State::kUnsure;
-    auto sts = ParseHuff(input, length, [&state, &decompressed](uint8_t c) {
-      if (state == State::kUnsure) {
-        // First byte... if it's zero it's binary
-        if (c == 0) {
-          // Save the type, and skip the zero
-          state = State::kBinary;
-          return;
-        } else {
-          // Flag base64, store this value
-          state = State::kBase64;
-        }
-      }
-      // Non-first byte, or base64 first byte
-      decompressed.push_back(c);
-    });
-    if (sts != HpackParseStatus::kOk) {
-      return StringResult{sts, 0, String{}};
+    auto sts =
+        ParseHuff(input, pfx->length, [&state, &decompressed](uint8_t c) {
+          if (state == State::kUnsure) {
+            // First byte... if it's zero it's binary
+            if (c == 0) {
+              // Save the type, and skip the zero
+              state = State::kBinary;
+              return;
+            } else {
+              // Flag base64, store this value
+              state = State::kBase64;
+            }
+          }
+          // Non-first byte, or base64 first byte
+          decompressed.push_back(c);
+        });
+    if (sts != ParseStatus::kOk) {
+      return ParseResult{sts, 0, String{}};
     }
     switch (state) {
       case State::kUnsure:
         // No bytes, empty span
-        return StringResult{HpackParseStatus::kOk, 0,
-                            String(absl::Span<const uint8_t>())};
+        return ParseResult{ParseStatus::kOk, 0,
+                           String(absl::Span<const uint8_t>())};
       case State::kBinary:
         // Binary, we're done
         {
           size_t wire_len = decompressed.size();
-          return StringResult{HpackParseStatus::kOk, wire_len,
-                              String(std::move(decompressed))};
+          return ParseResult{ParseStatus::kOk, wire_len,
+                             String(std::move(decompressed))};
         }
       case State::kBase64:
         // Base64 - unpack it
@@ -556,38 +629,28 @@ HPackParser::String::StringResult HPackParser::String::ParseBinary(
 // Parser parses one key/value pair from a byte stream.
 class HPackParser::Parser {
  public:
-  Parser(Input* input, grpc_metadata_batch*& metadata_buffer,
-         InterSliceState& state, LogInfo log_info)
+  Parser(Input* input, grpc_metadata_batch* metadata_buffer, HPackTable* table,
+         uint8_t* dynamic_table_updates_allowed, uint32_t* frame_length,
+         RandomEarlyDetection* metadata_early_detection, LogInfo log_info)
       : input_(input),
         metadata_buffer_(metadata_buffer),
-        state_(state),
+        table_(table),
+        dynamic_table_updates_allowed_(dynamic_table_updates_allowed),
+        frame_length_(frame_length),
+        metadata_early_detection_(metadata_early_detection),
         log_info_(log_info) {}
 
-  bool Parse() {
-    switch (state_.parse_state) {
-      case ParseState::kTop:
-        return ParseTop();
-      case ParseState::kParsingKeyLength:
-        return ParseKeyLength();
-      case ParseState::kParsingKeyBody:
-        return ParseKeyBody();
-      case ParseState::kSkippingKeyBody:
-        return SkipKeyBody();
-      case ParseState::kParsingValueLength:
-        return ParseValueLength();
-      case ParseState::kParsingValueBody:
-        return ParseValueBody();
-      case ParseState::kSkippingValueLength:
-        return SkipValueLength();
-      case ParseState::kSkippingValueBody:
-        return SkipValueBody();
+  // Skip any priority bits, or return false on failure
+  bool SkipPriority() {
+    if (input_->remaining() < 5) {
+      input_->UnexpectedEOF();
+      return false;
     }
-    GPR_UNREACHABLE_CODE(return false);
+    input_->Advance(5);
+    return true;
   }
 
- private:
-  bool ParseTop() {
-    GPR_DEBUG_ASSERT(state_.parse_state == ParseState::kTop);
+  bool Parse() {
     auto cur = *input_->Next();
     switch (cur >> 4) {
         // Literal header not indexed - First byte format: 0000xxxx
@@ -600,11 +663,11 @@ class HPackParser::Parser {
       case 1:
         switch (cur & 0xf) {
           case 0:  // literal key
-            return StartParseLiteralKey(false);
+            return FinishHeaderOmitFromTable(ParseLiteralKey());
           case 0xf:  // varint encoded key index
-            return StartVarIdxKey(0xf, false);
+            return FinishHeaderOmitFromTable(ParseVarIdxKey(0xf));
           default:  // inline encoded key index
-            return StartIdxKey(cur & 0xf, false);
+            return FinishHeaderOmitFromTable(ParseIdxKey(cur & 0xf));
         }
         // Update max table size.
         // First byte format: 001xxxxx
@@ -631,20 +694,20 @@ class HPackParser::Parser {
       case 4:
         if (cur == 0x40) {
           // literal key
-          return StartParseLiteralKey(true);
+          return FinishHeaderAndAddToTable(ParseLiteralKey());
         }
         ABSL_FALLTHROUGH_INTENDED;
       case 5:
       case 6:
         // inline encoded key index
-        return StartIdxKey(cur & 0x3f, true);
+        return FinishHeaderAndAddToTable(ParseIdxKey(cur & 0x3f));
       case 7:
         if (cur == 0x7f) {
           // varint encoded key index
-          return StartVarIdxKey(0x3f, true);
+          return FinishHeaderAndAddToTable(ParseVarIdxKey(0x3f));
         } else {
           // inline encoded key index
-          return StartIdxKey(cur & 0x3f, true);
+          return FinishHeaderAndAddToTable(ParseIdxKey(cur & 0x3f));
         }
         // Indexed Header Field Representation
         // First byte format: 1xxxxxxx
@@ -656,7 +719,7 @@ class HPackParser::Parser {
         if (cur == 0x80) {
           // illegal value.
           input_->SetErrorAndStopParsing(
-              HpackParseResult::IllegalHpackOpCode());
+              absl::InternalError("Illegal hpack op code"));
           return false;
         }
         ABSL_FALLTHROUGH_INTENDED;
@@ -680,6 +743,7 @@ class HPackParser::Parser {
     GPR_UNREACHABLE_CODE(abort());
   }
 
+ private:
   void GPR_ATTRIBUTE_NOINLINE LogHeader(const HPackTable::Memento& memento) {
     const char* type;
     switch (log_info_.type) {
@@ -693,48 +757,46 @@ class HPackParser::Parser {
         type = "???";
         break;
     }
-    gpr_log(
-        GPR_DEBUG, "HTTP:%d:%s:%s: %s%s", log_info_.stream_id, type,
-        log_info_.is_client ? "CLI" : "SVR", memento.md.DebugString().c_str(),
-        memento.parse_status.ok()
-            ? ""
-            : absl::StrCat(" (parse error: ",
-                           memento.parse_status.Materialize().ToString(), ")")
-                  .c_str());
+    gpr_log(GPR_DEBUG, "HTTP:%d:%s:%s: %s%s", log_info_.stream_id, type,
+            log_info_.is_client ? "CLI" : "SVR",
+            memento.md.DebugString().c_str(),
+            memento.parse_status.ok()
+                ? ""
+                : absl::StrCat(
+                      " (parse error: ", memento.parse_status.ToString(), ")")
+                      .c_str());
   }
 
   void EmitHeader(const HPackTable::Memento& md) {
     // Pass up to the transport
-    state_.frame_length += md.md.transport_size();
+    *frame_length_ += md.md.transport_size();
+    if (!input_->has_error() &&
+        metadata_early_detection_->MustReject(*frame_length_)) {
+      // Reject any requests above hard metadata limit.
+      HandleMetadataHardSizeLimitExceeded(md);
+    }
     if (!md.parse_status.ok()) {
       // Reject any requests with invalid metadata.
-      input_->SetErrorAndContinueParsing(md.parse_status);
+      HandleMetadataParseError(md.parse_status);
     }
     if (GPR_LIKELY(metadata_buffer_ != nullptr)) {
       metadata_buffer_->Set(md.md);
     }
-    if (state_.metadata_early_detection.MustReject(state_.frame_length)) {
-      // Reject any requests above hard metadata limit.
-      input_->SetErrorAndContinueParsing(
-          HpackParseResult::HardMetadataLimitExceededError(
-              std::exchange(metadata_buffer_, nullptr), state_.frame_length,
-              state_.metadata_early_detection.hard_limit()));
-    }
   }
 
-  bool FinishHeaderAndAddToTable(HPackTable::Memento md) {
+  bool FinishHeaderAndAddToTable(absl::optional<HPackTable::Memento> md) {
+    // Allow higher code to just pass in failures ... simplifies things a bit.
+    if (!md.has_value()) return false;
     // Log if desired
     if (GRPC_TRACE_FLAG_ENABLED(grpc_trace_chttp2_hpack_parser)) {
-      LogHeader(md);
+      LogHeader(*md);
     }
     // Emit whilst we own the metadata.
-    EmitHeader(md);
+    EmitHeader(*md);
     // Add to the hpack table
-    if (GPR_UNLIKELY(!state_.hpack_table.Add(std::move(md)))) {
-      input_->SetErrorAndStopParsing(
-          HpackParseResult::AddBeforeTableSizeUpdated(
-              state_.hpack_table.current_table_bytes(),
-              state_.hpack_table.max_bytes()));
+    grpc_error_handle err = table_->Add(std::move(*md));
+    if (GPR_UNLIKELY(!err.ok())) {
+      input_->SetErrorAndStopParsing(std::move(err));
       return false;
     };
     return true;
@@ -755,269 +817,136 @@ class HPackParser::Parser {
     EmitHeader(md);
   }
 
-  // Parse an index encoded key and a string encoded value
-  bool StartIdxKey(uint32_t index, bool add_to_table) {
-    GPR_DEBUG_ASSERT(state_.parse_state == ParseState::kTop);
-    input_->UpdateFrontier();
-    const auto* elem = state_.hpack_table.Lookup(index);
-    if (GPR_UNLIKELY(elem == nullptr)) {
-      InvalidHPackIndexError(index);
-      return false;
-    }
-    state_.parse_state = ParseState::kParsingValueLength;
-    state_.is_binary_header = elem->md.is_binary_header();
-    state_.key.emplace<const HPackTable::Memento*>(elem);
-    state_.add_to_table = add_to_table;
-    return ParseValueLength();
-  };
-
-  // Parse a varint index encoded key and a string encoded value
-  bool StartVarIdxKey(uint32_t offset, bool add_to_table) {
-    GPR_DEBUG_ASSERT(state_.parse_state == ParseState::kTop);
-    auto index = input_->ParseVarint(offset);
-    if (GPR_UNLIKELY(!index.has_value())) return false;
-    return StartIdxKey(*index, add_to_table);
-  }
-
-  bool StartParseLiteralKey(bool add_to_table) {
-    GPR_DEBUG_ASSERT(state_.parse_state == ParseState::kTop);
-    state_.add_to_table = add_to_table;
-    state_.parse_state = ParseState::kParsingKeyLength;
-    input_->UpdateFrontier();
-    return ParseKeyLength();
-  }
-
-  bool ShouldSkipParsingString(uint64_t string_length) const {
-    // We skip parsing if the string is longer than the current table size, and
-    // if we would have to reject the string due to metadata length limits
-    // regardless of what else was in the metadata batch.
-    //
-    // Why longer than the current table size? - it simplifies the logic at the
-    // end of skipping the string (and possibly a second if this is a key).
-    // If a key/value pair longer than the current table size is added to the
-    // hpack table we're forced to clear the entire table - this is a
-    // predictable operation that's easy to encode and doesn't need any state
-    // other than "skipping" to be carried forward.
-    // If we did not do this, we could end up in a situation where even though
-    // the metadata would overflow the current limit, it might not overflow the
-    // current hpack table size, and so we could not skip in on the off chance
-    // that we'd need to add it to the hpack table *and* reject the batch as a
-    // whole.
-    // That would be a mess, we're not doing it.
-    //
-    // These rules will end up having us parse some things that ultimately get
-    // rejected, and that's ok: the important thing is to have a bounded maximum
-    // so we can't be forced to infinitely buffer - not to have a perfect
-    // computation here.
-    return string_length > state_.hpack_table.current_table_size() &&
-           state_.metadata_early_detection.MustReject(
-               string_length + hpack_constants::kEntryOverhead);
-  }
-
-  bool ParseKeyLength() {
-    GPR_DEBUG_ASSERT(state_.parse_state == ParseState::kParsingKeyLength);
-    auto pfx = input_->ParseStringPrefix();
-    if (!pfx.has_value()) return false;
-    state_.is_string_huff_compressed = pfx->huff;
-    state_.string_length = pfx->length;
-    input_->UpdateFrontier();
-    if (ShouldSkipParsingString(state_.string_length)) {
-      input_->SetErrorAndContinueParsing(
-          HpackParseResult::HardMetadataLimitExceededByKeyError(
-              state_.string_length,
-              state_.metadata_early_detection.hard_limit()));
-      metadata_buffer_ = nullptr;
-      state_.parse_state = ParseState::kSkippingKeyBody;
-      return SkipKeyBody();
-    } else {
-      state_.parse_state = ParseState::kParsingKeyBody;
-      return ParseKeyBody();
-    }
-  }
-
-  bool ParseKeyBody() {
-    GPR_DEBUG_ASSERT(state_.parse_state == ParseState::kParsingKeyBody);
-    auto key = String::Parse(input_, state_.is_string_huff_compressed,
-                             state_.string_length);
-    switch (key.status) {
-      case HpackParseStatus::kOk:
-        break;
-      case HpackParseStatus::kEof:
-        GPR_DEBUG_ASSERT(input_->eof_error());
-        return false;
-      default:
-        input_->SetErrorAndStopParsing(
-            HpackParseResult::FromStatus(key.status));
-        return false;
+  // Helper type to build a memento from a key & value, and to consolidate some
+  // tricky error path code.
+  class MementoBuilder {
+   public:
+    explicit MementoBuilder(Input* input, absl::string_view key_string,
+                            absl::Status status = absl::OkStatus())
+        : input_(input), key_string_(key_string), status_(std::move(status)) {}
+
+    auto ErrorHandler() {
+      return [this](absl::string_view error, const Slice&) {
+        auto message =
+            absl::StrCat("Error parsing '", key_string_,
+                         "' metadata: error=", error, " key=", key_string_);
+        gpr_log(GPR_ERROR, "%s", message.c_str());
+        if (status_.ok()) {
+          status_ = absl::InternalError(message);
+        }
+      };
     }
-    input_->UpdateFrontier();
-    state_.parse_state = ParseState::kParsingValueLength;
-    state_.is_binary_header = absl::EndsWith(key.value.string_view(), "-bin");
-    state_.key.emplace<Slice>(key.value.Take());
-    return ParseValueLength();
-  }
 
-  bool SkipStringBody() {
-    auto remaining = input_->remaining();
-    if (remaining >= state_.string_length) {
-      input_->Advance(state_.string_length);
-      return true;
-    } else {
-      input_->Advance(remaining);
-      input_->UpdateFrontier();
-      state_.string_length -= remaining;
-      // The default action of our outer loop is to buffer up to
-      // min_progress_size bytes.
-      // We know we need to do nothing up to the string length, so it would be
-      // legal to pass that here - however that would cause a client selected
-      // large buffer size to be accumulated, which would be an attack vector.
-      // We could also pass 1 here, and we'd be called to parse potentially
-      // every byte, which would give clients a way to consume substantial CPU -
-      // again not great.
-      // So we pick some tradeoff number - big enough to amortize wakeups, but
-      // probably not big enough to cause excessive memory use on the receiver.
-      input_->UnexpectedEOF(
-          /*min_progress_size=*/std::min(state_.string_length, 1024u));
-      return false;
+    HPackTable::Memento Build(ParsedMetadata<grpc_metadata_batch> memento) {
+      return HPackTable::Memento{std::move(memento), std::move(status_)};
     }
-  }
-
-  bool SkipKeyBody() {
-    GPR_DEBUG_ASSERT(state_.parse_state == ParseState::kSkippingKeyBody);
-    if (!SkipStringBody()) return false;
-    input_->UpdateFrontier();
-    state_.parse_state = ParseState::kSkippingValueLength;
-    return SkipValueLength();
-  }
 
-  bool SkipValueLength() {
-    GPR_DEBUG_ASSERT(state_.parse_state == ParseState::kSkippingValueLength);
-    auto pfx = input_->ParseStringPrefix();
-    if (!pfx.has_value()) return false;
-    state_.string_length = pfx->length;
-    input_->UpdateFrontier();
-    state_.parse_state = ParseState::kSkippingValueBody;
-    return SkipValueBody();
-  }
-
-  bool SkipValueBody() {
-    GPR_DEBUG_ASSERT(state_.parse_state == ParseState::kSkippingValueBody);
-    if (!SkipStringBody()) return false;
-    input_->UpdateFrontier();
-    state_.parse_state = ParseState::kTop;
-    if (state_.add_to_table) {
-      state_.hpack_table.AddLargerThanCurrentTableSize();
+    // Handle the result of parsing a value.
+    // Returns true if parsing should continue, false if it should stop.
+    // Stores an error on the input if necessary.
+    bool HandleParseResult(String::ParseStatus status) {
+      auto continuable = [this](absl::string_view error) {
+        auto this_error = absl::InternalError(absl::StrCat(
+            "Error parsing '", key_string_, "' metadata: error=", error));
+        if (status_.ok()) status_ = this_error;
+        input_->SetErrorAndContinueParsing(std::move(this_error));
+      };
+      switch (status) {
+        case String::ParseStatus::kOk:
+          return true;
+        case String::ParseStatus::kParseHuffFailed:
+          input_->SetErrorAndStopParsing(
+              absl::InternalError("Huffman decoding failed"));
+          return false;
+        case String::ParseStatus::kUnbase64Failed:
+          continuable("illegal base64 encoding");
+          return true;
+        case String::ParseStatus::kEof:
+          GPR_DEBUG_ASSERT(input_->eof_error());
+          return false;
+      }
+      GPR_UNREACHABLE_CODE(return false);
     }
-    return true;
-  }
 
-  bool ParseValueLength() {
-    GPR_DEBUG_ASSERT(state_.parse_state == ParseState::kParsingValueLength);
-    auto pfx = input_->ParseStringPrefix();
-    if (!pfx.has_value()) return false;
-    state_.is_string_huff_compressed = pfx->huff;
-    state_.string_length = pfx->length;
-    input_->UpdateFrontier();
-    if (ShouldSkipParsingString(state_.string_length)) {
-      input_->SetErrorAndContinueParsing(
-          HpackParseResult::HardMetadataLimitExceededByValueError(
-              Match(
-                  state_.key, [](const Slice& s) { return s.as_string_view(); },
-                  [](const HPackTable::Memento* m) { return m->md.key(); }),
-              state_.string_length,
-              state_.metadata_early_detection.hard_limit()));
-      metadata_buffer_ = nullptr;
-      state_.parse_state = ParseState::kSkippingValueBody;
-      return SkipValueBody();
-    } else {
-      state_.parse_state = ParseState::kParsingValueBody;
-      return ParseValueBody();
-    }
-  }
+   private:
+    Input* input_;
+    absl::string_view key_string_;
+    absl::Status status_;
+  };
 
-  bool ParseValueBody() {
-    GPR_DEBUG_ASSERT(state_.parse_state == ParseState::kParsingValueBody);
-    auto value =
-        state_.is_binary_header
-            ? String::ParseBinary(input_, state_.is_string_huff_compressed,
-                                  state_.string_length)
-            : String::Parse(input_, state_.is_string_huff_compressed,
-                            state_.string_length);
-    HpackParseResult& status = state_.frame_error;
-    absl::string_view key_string;
-    if (auto* s = absl::get_if<Slice>(&state_.key)) {
-      key_string = s->as_string_view();
-      if (status.ok()) {
-        auto r = ValidateKey(key_string);
-        if (r != ValidateMetadataResult::kOk) {
-          input_->SetErrorAndContinueParsing(
-              HpackParseResult::InvalidMetadataError(r, key_string));
-        }
-      }
-    } else {
-      const auto* memento = absl::get<const HPackTable::Memento*>(state_.key);
-      key_string = memento->md.key();
-      if (status.ok() && !memento->parse_status.ok()) {
-        input_->SetErrorAndContinueParsing(memento->parse_status);
-      }
-    }
-    switch (value.status) {
-      case HpackParseStatus::kOk:
+  // Parse a string encoded key and a string encoded value
+  absl::optional<HPackTable::Memento> ParseLiteralKey() {
+    auto key = String::Parse(input_);
+    switch (key.status) {
+      case String::ParseStatus::kOk:
         break;
-      case HpackParseStatus::kEof:
+      case String::ParseStatus::kParseHuffFailed:
+        input_->SetErrorAndStopParsing(
+            absl::InternalError("Huffman decoding failed"));
+        return absl::nullopt;
+      case String::ParseStatus::kUnbase64Failed:
+        Crash("unreachable");
+      case String::ParseStatus::kEof:
         GPR_DEBUG_ASSERT(input_->eof_error());
-        return false;
-      default: {
-        auto result =
-            HpackParseResult::FromStatusWithKey(value.status, key_string);
-        if (result.stream_error()) {
-          input_->SetErrorAndContinueParsing(std::move(result));
-          break;
-        } else {
-          input_->SetErrorAndStopParsing(std::move(result));
-          return false;
-        }
-      }
+        return absl::nullopt;
     }
+    auto key_string = key.value.string_view();
+    auto value = ParseValueString(absl::EndsWith(key_string, "-bin"));
+    MementoBuilder builder(input_, key_string,
+                           EnsureStreamError(ValidateKey(key_string)));
+    if (!builder.HandleParseResult(value.status)) return absl::nullopt;
     auto value_slice = value.value.Take();
     const auto transport_size =
         key_string.size() + value.wire_size + hpack_constants::kEntryOverhead;
-    auto md = grpc_metadata_batch::Parse(
-        key_string, std::move(value_slice), transport_size,
-        [key_string, &status, this](absl::string_view message, const Slice&) {
-          if (!status.ok()) return;
-          input_->SetErrorAndContinueParsing(
-              HpackParseResult::MetadataParseError(key_string));
-          gpr_log(GPR_ERROR, "Error parsing '%s' metadata: %s",
-                  std::string(key_string).c_str(),
-                  std::string(message).c_str());
-        });
-    HPackTable::Memento memento{std::move(md),
-                                status.PersistentStreamErrorOrOk()};
-    input_->UpdateFrontier();
-    state_.parse_state = ParseState::kTop;
-    if (state_.add_to_table) {
-      return FinishHeaderAndAddToTable(std::move(memento));
-    } else {
-      FinishHeaderOmitFromTable(memento);
-      return true;
-    }
+    return builder.Build(
+        grpc_metadata_batch::Parse(key_string, std::move(value_slice),
+                                   transport_size, builder.ErrorHandler()));
   }
 
-  ValidateMetadataResult ValidateKey(absl::string_view key) {
+  absl::Status ValidateKey(absl::string_view key) {
     if (key == HttpSchemeMetadata::key() || key == HttpMethodMetadata::key() ||
         key == HttpAuthorityMetadata::key() || key == HttpPathMetadata::key() ||
         key == HttpStatusMetadata::key()) {
-      return ValidateMetadataResult::kOk;
+      return absl::OkStatus();
     }
     return ValidateHeaderKeyIsLegal(key);
   }
 
+  // Parse an index encoded key and a string encoded value
+  absl::optional<HPackTable::Memento> ParseIdxKey(uint32_t index) {
+    const auto* elem = table_->Lookup(index);
+    if (GPR_UNLIKELY(elem == nullptr)) {
+      InvalidHPackIndexError(index);
+      return absl::optional<HPackTable::Memento>();
+    }
+    MementoBuilder builder(input_, elem->md.key(), elem->parse_status);
+    auto value = ParseValueString(elem->md.is_binary_header());
+    if (!builder.HandleParseResult(value.status)) return absl::nullopt;
+    return builder.Build(elem->md.WithNewValue(
+        value.value.Take(), value.wire_size, builder.ErrorHandler()));
+  };
+
+  // Parse a varint index encoded key and a string encoded value
+  absl::optional<HPackTable::Memento> ParseVarIdxKey(uint32_t offset) {
+    auto index = input_->ParseVarint(offset);
+    if (GPR_UNLIKELY(!index.has_value())) return absl::nullopt;
+    return ParseIdxKey(*index);
+  }
+
+  // Parse a string, figuring out if it's binary or not by the key name.
+  String::ParseResult ParseValueString(bool is_binary) {
+    if (is_binary) {
+      return String::ParseBinary(input_);
+    } else {
+      return String::Parse(input_);
+    }
+  }
+
   // Emit an indexed field
   bool FinishIndexed(absl::optional<uint32_t> index) {
-    state_.dynamic_table_updates_allowed = 0;
+    *dynamic_table_updates_allowed_ = 0;
     if (!index.has_value()) return false;
-    const auto* elem = state_.hpack_table.Lookup(*index);
+    const auto* elem = table_->Lookup(*index);
     if (GPR_UNLIKELY(elem == nullptr)) {
       InvalidHPackIndexError(*index);
       return false;
@@ -1029,16 +958,15 @@ class HPackParser::Parser {
   // finish parsing a max table size change
   bool FinishMaxTableSize(absl::optional<uint32_t> size) {
     if (!size.has_value()) return false;
-    if (state_.dynamic_table_updates_allowed == 0) {
-      input_->SetErrorAndStopParsing(
-          HpackParseResult::TooManyDynamicTableSizeChangesError());
+    if (*dynamic_table_updates_allowed_ == 0) {
+      input_->SetErrorAndStopParsing(absl::InternalError(
+          "More than two max table size changes in a single frame"));
       return false;
     }
-    state_.dynamic_table_updates_allowed--;
-    if (!state_.hpack_table.SetCurrentTableSize(*size)) {
-      input_->SetErrorAndStopParsing(
-          HpackParseResult::IllegalTableSizeChangeError(
-              *size, state_.hpack_table.max_bytes()));
+    (*dynamic_table_updates_allowed_)--;
+    grpc_error_handle err = table_->SetCurrentTableSize(*size);
+    if (!err.ok()) {
+      input_->SetErrorAndStopParsing(std::move(err));
       return false;
     }
     return true;
@@ -1047,13 +975,51 @@ class HPackParser::Parser {
   // Set an invalid hpack index error if no error has been set. Returns result
   // unmodified.
   void InvalidHPackIndexError(uint32_t index) {
-    input_->SetErrorAndStopParsing(
-        HpackParseResult::InvalidHpackIndexError(index));
+    input_->SetErrorAndStopParsing(grpc_error_set_int(
+        grpc_error_set_int(absl::InternalError("Invalid HPACK index received"),
+                           StatusIntProperty::kIndex,
+                           static_cast<intptr_t>(index)),
+        StatusIntProperty::kSize,
+        static_cast<intptr_t>(this->table_->num_entries())));
+  }
+
+  GPR_ATTRIBUTE_NOINLINE
+  void HandleMetadataParseError(const absl::Status& status) {
+    if (metadata_buffer_ != nullptr) {
+      metadata_buffer_->Clear();
+      metadata_buffer_ = nullptr;
+    }
+    // StreamId is used as a signal to skip this stream but keep the connection
+    // alive
+    input_->SetErrorAndContinueParsing(status);
+  }
+
+  GPR_ATTRIBUTE_NOINLINE
+  void HandleMetadataHardSizeLimitExceeded(const HPackTable::Memento& md) {
+    // Collect a summary of sizes so far for debugging
+    // Do not collect contents, for fear of exposing PII.
+    std::string summary;
+    std::string error_message;
+    if (metadata_buffer_ != nullptr) {
+      MetadataSizeLimitExceededEncoder encoder(summary);
+      metadata_buffer_->Encode(&encoder);
+    }
+    summary = absl::StrCat("; adding ", md.md.key(), " (length ",
+                           md.md.transport_size(), "B)",
+                           summary.empty() ? "" : " to ", summary);
+    error_message = absl::StrCat(
+        "received metadata size exceeds hard limit (", *frame_length_, " vs. ",
+        metadata_early_detection_->hard_limit(), ")", summary);
+    HandleMetadataParseError(absl::ResourceExhaustedError(error_message));
   }
 
   Input* const input_;
-  grpc_metadata_batch*& metadata_buffer_;
-  InterSliceState& state_;
+  grpc_metadata_batch* metadata_buffer_;
+  HPackTable* const table_;
+  uint8_t* const dynamic_table_updates_allowed_;
+  uint32_t* const frame_length_;
+  // Random early detection of metadata size limits.
+  RandomEarlyDetection* metadata_early_detection_;
   const LogInfo log_info_;
 };
 
@@ -1085,8 +1051,9 @@ void HPackParser::BeginFrame(grpc_metadata_batch* metadata_buffer,
   }
   boundary_ = boundary;
   priority_ = priority;
-  state_.dynamic_table_updates_allowed = 2;
-  state_.metadata_early_detection.SetLimits(
+  dynamic_table_updates_allowed_ = 2;
+  frame_length_ = 0;
+  metadata_early_detection_ = RandomEarlyDetection(
       /*soft_limit=*/metadata_size_soft_limit,
       /*hard_limit=*/metadata_size_hard_limit);
   log_info_ = log_info;
@@ -1094,43 +1061,36 @@ void HPackParser::BeginFrame(grpc_metadata_batch* metadata_buffer,
 
 grpc_error_handle HPackParser::Parse(const grpc_slice& slice, bool is_last) {
   if (GPR_UNLIKELY(!unparsed_bytes_.empty())) {
-    unparsed_bytes_.insert(unparsed_bytes_.end(), GRPC_SLICE_START_PTR(slice),
-                           GRPC_SLICE_END_PTR(slice));
-    if (!(is_last && is_boundary()) &&
-        unparsed_bytes_.size() < min_progress_size_) {
-      // We wouldn't make progress anyway, skip out.
-      return absl::OkStatus();
-    }
     std::vector<uint8_t> buffer = std::move(unparsed_bytes_);
-    return ParseInput(Input(nullptr, buffer.data(),
-                            buffer.data() + buffer.size(), state_.frame_error),
-                      is_last);
+    buffer.insert(buffer.end(), GRPC_SLICE_START_PTR(slice),
+                  GRPC_SLICE_END_PTR(slice));
+    return ParseInput(
+        Input(nullptr, buffer.data(), buffer.data() + buffer.size()), is_last);
   }
   return ParseInput(Input(slice.refcount, GRPC_SLICE_START_PTR(slice),
-                          GRPC_SLICE_END_PTR(slice), state_.frame_error),
+                          GRPC_SLICE_END_PTR(slice)),
                     is_last);
 }
 
 grpc_error_handle HPackParser::ParseInput(Input input, bool is_last) {
   ParseInputInner(&input);
-  if (is_last && is_boundary()) {
-    if (state_.metadata_early_detection.Reject(state_.frame_length)) {
+  if (is_last) {
+    if (metadata_early_detection_.Reject(frame_length_)) {
       HandleMetadataSoftSizeLimitExceeded(&input);
     }
-    global_stats().IncrementHttp2MetadataSize(state_.frame_length);
-    if (!state_.frame_error.connection_error() &&
-        (input.eof_error() || state_.parse_state != ParseState::kTop)) {
-      state_.frame_error = HpackParseResult::IncompleteHeaderAtBoundaryError();
-    }
-    state_.frame_length = 0;
-    return std::exchange(state_.frame_error, HpackParseResult()).Materialize();
-  } else {
-    if (input.eof_error() && !state_.frame_error.connection_error()) {
-      unparsed_bytes_ = std::vector<uint8_t>(input.frontier(), input.end_ptr());
-      min_progress_size_ = input.min_progress_size();
+    global_stats().IncrementHttp2MetadataSize(frame_length_);
+  }
+  if (input.eof_error()) {
+    if (GPR_UNLIKELY(is_last && is_boundary())) {
+      auto err = input.TakeError();
+      if (!err.ok() && !IsStreamError(err)) return err;
+      return absl::InternalError(
+          "Incomplete header at the end of a header/continuation sequence");
     }
-    return state_.frame_error.Materialize();
+    unparsed_bytes_ = std::vector<uint8_t>(input.frontier(), input.end_ptr());
+    return input.TakeError();
   }
+  return input.TakeError();
 }
 
 void HPackParser::ParseInputInner(Input* input) {
@@ -1139,7 +1099,7 @@ void HPackParser::ParseInputInner(Input* input) {
       break;
     case Priority::Included: {
       if (input->remaining() < 5) {
-        input->UnexpectedEOF(/*min_progress_size=*/5);
+        input->UnexpectedEOF();
         return;
       }
       input->Advance(5);
@@ -1148,8 +1108,10 @@ void HPackParser::ParseInputInner(Input* input) {
     }
   }
   while (!input->end_of_stream()) {
-    if (GPR_UNLIKELY(
-            !Parser(input, metadata_buffer_, state_, log_info_).Parse())) {
+    if (GPR_UNLIKELY(!Parser(input, metadata_buffer_, &table_,
+                             &dynamic_table_updates_allowed_, &frame_length_,
+                             &metadata_early_detection_, log_info_)
+                          .Parse())) {
       return;
     }
     input->UpdateFrontier();
@@ -1159,10 +1121,24 @@ void HPackParser::ParseInputInner(Input* input) {
 void HPackParser::FinishFrame() { metadata_buffer_ = nullptr; }
 
 void HPackParser::HandleMetadataSoftSizeLimitExceeded(Input* input) {
+  // Collect a summary of sizes so far for debugging
+  // Do not collect contents, for fear of exposing PII.
+  std::string summary;
+  std::string error_message;
+  if (metadata_buffer_ != nullptr) {
+    MetadataSizeLimitExceededEncoder encoder(summary);
+    metadata_buffer_->Encode(&encoder);
+  }
+  error_message = absl::StrCat(
+      "received metadata size exceeds soft limit (", frame_length_, " vs. ",
+      metadata_early_detection_.soft_limit(),
+      "), rejecting requests with some random probability", summary);
+  if (metadata_buffer_ != nullptr) {
+    metadata_buffer_->Clear();
+    metadata_buffer_ = nullptr;
+  }
   input->SetErrorAndContinueParsing(
-      HpackParseResult::SoftMetadataLimitExceededError(
-          std::exchange(metadata_buffer_, nullptr), state_.frame_length,
-          state_.metadata_early_detection.soft_limit()));
+      absl::ResourceExhaustedError(error_message));
 }
 
 }  // namespace grpc_core