James E. King, III created THRIFT-3062:
------------------------------------------
Summary: C++ TServerSocket invalid port number (over 999999)
causes stack corruption
Key: THRIFT-3062
URL: https://issues.apache.org/jira/browse/THRIFT-3062
Project: Thrift
Issue Type: Bug
Components: C++ - Library
Affects Versions: 0.9.2
Reporter: James E. King, III
In {{TServerSocket::listen()}} a buffer of size 7 is allocated for the string
to numeric translation of the port number, defined as {{int}}:
{noformat} char port[sizeof("65536") + 1];
...
sprintf(port, "%d", port_);{noformat}
An input of 1000000 or more will cause stack corruption. Recommend changing
sprintf to something safer, or making a larger buffer. In this case, one can
safely allocate a fixed size buffer on the stack to accomodate the largest
result possible, avoiding the problem.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
