[ https://issues.apache.org/jira/browse/THRIFT-3978?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15675133#comment-15675133 ]
James E. King, III commented on THRIFT-3978:
--------------------------------------------

Discovered when addressing code review comments on THRIFT-3873.

> Thrift C++ runtime uses assert to prevent overflows, checks sanity only in debug builds
> ---------------------------------------------------------------------------------------
>
> Key: THRIFT-3978
> URL: https://issues.apache.org/jira/browse/THRIFT-3978
> Project: Thrift
> Issue Type: Bug
> Components: C++ - Library
> Affects Versions: 0.10.0
> Environment: All
> Reporter: James E. King, III
> Assignee: James E. King, III
> Labels: security
>
> Currently there is widespread use of assert in the thrift C++ runtime library.
> Some of the more disturbing cases are security related, for example checking
> header sizes. I recommend we eliminate assertions that are only checked in
> debug mode, and instead throw the appropriate exception, usually a
> TTransportException with CORRUPTED_DATA as the reason. If we're going to check
> for an overflow or a buffer overrun, we should do so in debug and release
> modes. Further, assertions are not easily tested whereas exceptions are.
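The pattern the ticket recommends, as an added example that is not Thrift's own code: a 4-byte big-endian frame-length header validated in every build with a typed exception instead of a debug-only assert. The TTransportException class here is a minimal stand-in for the real one in the Thrift C++ library, and the size limit and sample headers are constructed for the example.

```cpp
// Added example, not Thrift's own code. TTransportException is a minimal
// stand-in for the real Thrift class; the limit and sample headers are constructed.
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <string>

namespace demo {

class TTransportException : public std::runtime_error {
public:
  enum TTransportExceptionType { UNKNOWN, CORRUPTED_DATA };
  TTransportException(TTransportExceptionType t, const std::string& msg)
      : std::runtime_error(msg), type_(t) {}
  TTransportExceptionType getType() const { return type_; }
private:
  TTransportExceptionType type_;
};
const uint32_t kMaxFrameSize = 256u * 1024u * 1024u; // constructed limit
// Before: with NDEBUG defined the assert compiles to nothing, so a release
// build passes an untrusted length straight through to whatever allocates.
inline uint32_t frameSizeAssertOnly(uint32_t sz) {
  assert(sz <= kMaxFrameSize);
  return sz;
}
// After: the same check runs in every build and raises a typed exception
// that a unit test can catch and inspect.
inline uint32_t frameSizeChecked(uint32_t sz) {
  if (sz > kMaxFrameSize)
    throw TTransportException(TTransportException::CORRUPTED_DATA, "frame size exceeds limit");
  return sz;
}
// Decodes a framed-transport style 4-byte big-endian length prefix from buf.
inline uint32_t readFrameHeader(const uint8_t* buf, size_t len) {
  if (len < 4)
    throw TTransportException(TTransportException::CORRUPTED_DATA, "short header");
  uint32_t sz = (uint32_t(buf[0]) << 24) | (uint32_t(buf[1]) << 16) |
                (uint32_t(buf[2]) << 8) | uint32_t(buf[3]);
  return frameSizeChecked(sz);
}
// Returns the exception type a header was rejected with, or -1 if it was accepted.
inline int headerRejectedWith(const uint8_t* buf, size_t len) {
  try { readFrameHeader(buf, len); } catch (const TTransportException& e) { return e.getType(); }
  return -1;
}
} // namespace demo
```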