[ https://issues.apache.org/jira/browse/THRIFT-4024?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15816319#comment-15816319 ]
ASF GitHub Bot commented on THRIFT-4024: ---------------------------------------- GitHub user Jens-G opened a pull request: https://github.com/apache/thrift/pull/1155 THRIFT-4024 Skip() should throw on unknown data types Fixes for * Go * C# * NETCore * Delphi * Haxe You can merge this pull request into a Git repository by running: $ git pull https://github.com/Jens-G/thrift THRIFT-4024 Alternatively you can review and apply these changes as the patch at: https://github.com/apache/thrift/pull/1155.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #1155 ---- commit 3ae12ae52f551d6bce715e6dd8f336781ee46c54 Author: Jens Geyer <je...@apache.org> Date: 2017-01-10T20:57:48Z THRIFT-4024 Skip() should throw on unknown data types ---- > Skip() should throw on unknown data types > ----------------------------------------- > > Key: THRIFT-4024 > URL: https://issues.apache.org/jira/browse/THRIFT-4024 > Project: Thrift > Issue Type: Bug > Components: .NETCore - Library, C# - Library, Delphi - Library, Go - > Library, Haxe - Library > Affects Versions: 0.10.0 > Reporter: Michael Antipin > Assignee: Jens Geyer > > I'm using TBinaryProtocol and a simple transport that reads from a given byte > array. > C# library contains the following code in TProtocolUtil.Skip(TProtocol prot, > TType type): > {code} > case TType.List: > TList list = prot.ReadListBegin(); > for (int i = 0; i < list.Count; i++) { > Skip(prot, list.ElementType); > } > prot.ReadListEnd(); > break; > {code} > The type of elements is detected in ReadListBegin(), and, as Skip() does > nothing for unknown types, the position in the binary remains the same until > the for loop completes. > So, when you try to deserialize invalid data, and a field type happens to be > detected as TType.List, you may end up waiting for a random period of time > until deserialization is completed (734707176 iterations of skipping in my > case). > I suggest throwing an exception immediately when list elements type is > unknown. May be, it would be good to have a setting like *FailOnUnknownType*, > so that Skip() will throw instead of ignoring. -- This message was sent by Atlassian JIRA (v6.3.4#6332)