thrift-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Antipin (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (THRIFT-4024) C# deserialization takes unnecessary time on list with unknown type of elements
Date Tue, 10 Jan 2017 16:19:58 GMT

    [ https://issues.apache.org/jira/browse/THRIFT-4024?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15815392#comment-15815392
] 

Michael Antipin edited comment on THRIFT-4024 at 1/10/17 4:19 PM:
------------------------------------------------------------------

I've got bad binary data from server, complete gibberish. While this should not generally
happen, _I may receive such data_ in my project (it has to do with breaking changes in data
encryption). I have no way of knowing if it's Ok until I try to deserialize. But anyway, that
definitely should not be dangerous. 

I try to deserialize a binary, *that is not even a thrift*. Thrift library skips unknown bullshit
until it occasionally finds what looks like a list (it's not, really). Just a coincidence.
Its element type happens to be not of TType an its length is some number (pretty big in my
case, but could be anything). It then tries to skip that list, which takes forever.


was (Author: aurora12):
I've got bad binary data from server, complete gibberish. While this should not generally
happen, _I may receive such data_ in my project (it has to do with breaking changes in data
encryption). I have no way of knowing if it's Ok until I try to deserialize. But anyway, that
should not be dangerous, really. 

I try to deserialize a binary, *that is not even a thrift*. Thrift library skips unknown bullshit
until it occasionally finds what looks like a list (it's not, really). Just a coincidence.
Its element type happens to be not of TType an its length is some number (pretty big in my
case, but could be anything). It then tries to skip that list, which takes forever.

> C# deserialization takes unnecessary time on list with unknown type of elements
> -------------------------------------------------------------------------------
>
>                 Key: THRIFT-4024
>                 URL: https://issues.apache.org/jira/browse/THRIFT-4024
>             Project: Thrift
>          Issue Type: Bug
>          Components: C# - Library
>    Affects Versions: 0.10.0
>            Reporter: Michael Antipin
>            Assignee: Jens Geyer
>
> I'm using TBinaryProtocol and a simple transport that reads from a given byte array.
> C# library contains the following code in TProtocolUtil.Skip(TProtocol prot, TType type):
> {code}
> case TType.List:
> 	TList list = prot.ReadListBegin();
> 	for (int i = 0; i < list.Count; i++) {
> 		Skip(prot, list.ElementType);
> 	}
> 	prot.ReadListEnd();
> 	break;
> {code}
> The type of elements is detected in ReadListBegin(), and, as Skip() does nothing for
unknown types, the position in the binary remains the same until the for loop completes. 
> So, when you try to deserialize invalid data, and a field type happens to be detected
as TType.List, you may end up waiting for a random period of time until deserialization is
completed (734707176 iterations of skipping in my case).
> I suggest throwing an exception immediately when list elements type is unknown. May be,
it would be good to have a setting like *FailOnUnknownType*, so that Skip() will throw instead
of ignoring.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message