Andris Mednis created THRIFT-1654:
-------------------------------------
Summary: c_glib thrift_socket_read() returns corrupted data
Key: THRIFT-1654
URL: https://issues.apache.org/jira/browse/THRIFT-1654
Project: Thrift
Issue Type: Bug
Components: C glib - Library
Affects Versions: 0.8, 0.7
Environment: Linux
Reporter: Andris Mednis
In Thrift source code there is a file lib/c_glib/src/transport/thrift_socket.c.
In this file there is a function thrift_socket_read():
------------------------------------------------------
...
/* implements thrift_transport_read */
gint32
thrift_socket_read (ThriftTransport *transport, gpointer buf,
guint32 len, GError **error)
{
gint ret = 0;
guint got = 0;
ThriftSocket *socket = THRIFT_SOCKET (transport);
while (got < len)
{
ret = recv (socket->sd, buf, len, 0); <====== In each while-loop iteration
data are written from the beginning of buffer. Previously
collected data are overwritten. This eventually leads to a corrupted frame in
Thrift framed transport and causes crash. To fix, replace '
buf' with 'buf + got'.
if (ret < 0)
{
g_set_error (error, THRIFT_TRANSPORT_ERROR,
THRIFT_TRANSPORT_ERROR_RECEIVE,
"failed to read %d bytes - %s", len, strerror(errno));
return -1;
}
got += ret;
}
return got;
}
...
------------------------------------------------------
At time of writing this bug is in Thrift 0.7, 0.8 and in trunk.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
