thrift-dev mailing list archives

From "James E. King, III (JIRA)" <>
Subject [jira] [Closed] (THRIFT-4362) Missing size-check can lead to huge memory allocation
Date Thu, 14 Dec 2017 13:55:17 GMT


James E. King, III closed THRIFT-4362.

> Missing size-check can lead to huge memory allocation
> -----------------------------------------------------
>                 Key: THRIFT-4362
>                 URL:
>             Project: Thrift
>          Issue Type: Bug
>          Components: Java - Library
>    Affects Versions: 0.9.3, 0.10.0
>            Reporter: Christian Ciach
>            Assignee: James E. King, III
>             Fix For: 0.11.0
>         Attachments: check-size.patch
> In some cases the method {{org.apache.thrift.protocol.TBinaryProtocol.readStringBody(int size)}} gets called with a "size" parameter that has not been validated by the existing method {{checkStringReadLength(int size)}}.
> This is true if the method is called by {{readMessageBegin()}} of the same class. The method {{readString()}} checks the size correctly before calling {{readStringBody(int size)}}.
> Since the methods {{readStringBody(int size)}} and {{readMessageBegin()}} are public, there may be other callers who don't check the size correctly.
> We encountered this issue in production several times. Because of this we are currently using our own patched version of libthrift-0.9.3. The patch is attached, but it is surely not the best solution, because with this patch the size may be checked twice, depending on the caller.

This message was sent by Atlassian JIRA
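
The pattern described in the report, as an added stand-alone example (not the attached check-size.patch and not Thrift's own code): a length-prefixed reader that validates the wire-supplied size inside the shared body reader, so every caller is covered. The class name, the limit and the sample bytes are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;

public class SizeCheckedReader {
    // Hypothetical limit; pick one that fits the largest legitimate message.
    static final int MAX_STRING_LENGTH = 1 << 20;

    private final DataInputStream in;

    SizeCheckedReader(byte[] wire) {
        this.in = new DataInputStream(new ByteArrayInputStream(wire));
    }

    // Validate the wire-supplied length before any allocation happens.
    private void checkLength(int size) throws IOException {
        if (size < 0) throw new IOException("negative length: " + size);
        if (size > MAX_STRING_LENGTH) throw new IOException("length exceeds limit: " + size);
        // Exact for this in-memory buffer; a socket stream cannot rely on available().
        if (size > in.available()) throw new IOException("length exceeds remaining bytes: " + size);
    }

    // The check lives in the shared body reader, so no caller can skip it.
    String readStringBody(int size) throws IOException {
        checkLength(size);
        byte[] buf = new byte[size];
        in.readFully(buf);
        return new String(buf, StandardCharsets.UTF_8);
    }

    // Reads a 4-byte big-endian length followed by that many bytes.
    String readString() throws IOException {
        return readStringBody(in.readInt());
    }

    public static void main(String[] args) throws IOException {
        // Constructed input: length 5 followed by "hello".
        byte[] ok = {0, 0, 0, 5, 'h', 'e', 'l', 'l', 'o'};
        System.out.println(new SizeCheckedReader(ok).readString());

        // Constructed input: header claims 0x7fffffff bytes, no body follows.
        byte[] bad = {0x7f, (byte) 0xff, (byte) 0xff, (byte) 0xff};
        try {
            new SizeCheckedReader(bad).readString();
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Without the call to `checkLength`, the second input would reach `new byte[size]` with a value taken straight from the four header bytes.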