I'm currently polishing up my D Thrift protocol implementations, and I
wonder what kind of sanity checks for the amount of data read I should
implement.
The C++ implementation of the protocols allows setting a limit for
container and string sizes via the container_limit and string_limit
properties, presumably to avoid massive amounts of memory being
allocated due to a broken size field in the received data. On the other
hand, the Java TBinaryProtocol has checkReadLength() to set a limit on
the total number of bytes read off the wire (which also adds a tiny bit
of overhead to any read() call).
Do you have any tips which of those is more useful in real-world Thrift
use cases, or other ideas about what I should implement for D?
Thanks,
David
- Protocol sanity checking: Java-style or C++-style? David Nadlinger
-
