TBaseHelper.toString(...) appends ByteBuffer data outside of valid buffer range -------------------------------------------------------------------------------
Key: THRIFT-1328 URL: https://issues.apache.org/jira/browse/THRIFT-1328 Project: Thrift Issue Type: Bug Components: Java - Library Affects Versions: 0.5 Environment: Java 1.6, Mac OSX 10.6.8 64-bit Reporter: Andy Schlaikjer I have a Thrift struct T which declares a binary field f3 after two other fields f1 and f2. After successful deserialization of a T instance, f3 references a ByteBuffer which wraps the raw byte[] containing all T instance data and has position and limit set to scope reads to valid f3 bytes. This is great because it means less copying of raw byte[] data. However, TBaseHelper.toString(ByteBuffer bb, StringBuilder sb) uses Buffer.array() and Buffer.arrayOffset() to read f3 data, causing it to append bytes to sb which lie outside f3's valid range in the backing byte[]. It seems like this logic is also present in latest version of TBaseHelper: http://svn.apache.org/viewvc/thrift/trunk/lib/java/src/org/apache/thrift/TBaseHelper.java?revision=1038833&view=markup#l223 -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira