thrift-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Yuxuan Wang (Jira)" <j...@apache.org>
Subject [jira] [Created] (THRIFT-5294) Go: TSimpleJSONProtocol could panic on WriteMessageEnd without matching WriteMessageBegin
Date Sun, 11 Oct 2020 01:38:00 GMT
Yuxuan Wang created THRIFT-5294:
-----------------------------------

             Summary: Go: TSimpleJSONProtocol could panic on WriteMessageEnd without matching
WriteMessageBegin
                 Key: THRIFT-5294
                 URL: https://issues.apache.org/jira/browse/THRIFT-5294
             Project: Thrift
          Issue Type: Task
          Components: Go - Library
    Affects Versions: 0.13.0
            Reporter: Yuxuan Wang
            Assignee: Yuxuan Wang


I noticed the issue while writing the example loggingMiddleware code in https://github.com/apache/thrift/pull/1992#issuecomment-705903922.
The root cause is that we have two context stacks when implementing TSimpleJSONProtocol in
go library, but we never check the slice length before the popping/peeking operations, and
in certain circumstances (e.g. calling WriteMessageEnd without matching WriteMessageBegin)
it would panic with using -1 as the slice index.

It should return an TProtocolException instead. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Mime
View raw message