thrift-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "James E. King, III (JIRA)" <j...@apache.org>
Subject [jira] [Closed] (THRIFT-4362) Missing size-check can lead to huge memory allocation
Date Thu, 14 Dec 2017 13:55:17 GMT

     [ https://issues.apache.org/jira/browse/THRIFT-4362?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

James E. King, III closed THRIFT-4362.
--------------------------------------

> Missing size-check can lead to huge memory allocation
> -----------------------------------------------------
>
>                 Key: THRIFT-4362
>                 URL: https://issues.apache.org/jira/browse/THRIFT-4362
>             Project: Thrift
>          Issue Type: Bug
>          Components: Java - Library
>    Affects Versions: 0.9.3, 0.10.0
>            Reporter: Christian Ciach
>            Assignee: James E. King, III
>             Fix For: 0.11.0
>
>         Attachments: check-size.patch
>
>
> In some cases the method {{org.apache.thrift.protocol.TBinaryProtocol.readStringBody(int
size)}} gets called with a "size" parameter that has not been validated by the existing method
{{checkStringReadLength(int size)}}.
> This is true if the method is called by {{readMessageBegin()}} of the same class. The
method {{readString()}} checks the size correctly before calling {{readStringBody(int size)}}.
> Since the methods {{readStringBody(int size)}} and {{readMessageBegin()}} are public,
there may be other callers who don't check the size correctly.
> We encountered this issue in production several times. Because of this we are currently
using our own patched version of libthrift-0.9.3. The patch is attached, but it is surely
not the best solution, because with this patch the size may be checked twice, depending on
the caller.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message