[ 
https://issues.apache.org/jira/browse/THRIFT-1328?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andy Schlaikjer updated THRIFT-1328:
------------------------------------

    Attachment: fix-bytebuffer-access-02.patch

> TBaseHelper.toString(...) appends ByteBuffer data outside of valid buffer 
> range
> -------------------------------------------------------------------------------
>
>                 Key: THRIFT-1328
>                 URL: https://issues.apache.org/jira/browse/THRIFT-1328
>             Project: Thrift
>          Issue Type: Bug
>          Components: Java - Library
>    Affects Versions: 0.5
>         Environment: Java 1.6, Mac OSX 10.6.8 64-bit
>            Reporter: Andy Schlaikjer
>         Attachments: fix-bytebuffer-access-02.patch, 
> fix-bytebuffer-access.patch
>
>
> I have a Thrift struct T which declares a binary field f3 after two other 
> fields f1 and f2. After successful deserialization of a T instance, f3 
> references a ByteBuffer which wraps the raw byte[] containing all T instance 
> data and has position and limit set to scope reads to valid f3 bytes. This is 
> great because it means less copying of raw byte[] data.
> However, TBaseHelper.toString(ByteBuffer bb, StringBuilder sb) uses 
> Buffer.array() and Buffer.arrayOffset() to read f3 data, causing it to append 
> bytes to sb which lie outside f3's valid range in the backing byte[].
> It seems like this logic is also present in latest version of TBaseHelper: 
> http://svn.apache.org/viewvc/thrift/trunk/lib/java/src/org/apache/thrift/TBaseHelper.java?revision=1038833&view=markup#l223

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Reply via email to