[ https://issues.apache.org/jira/browse/THRIFT-3978?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15949667#comment-15949667 ]
ASF GitHub Bot commented on THRIFT-3978:
----------------------------------------

GitHub user jeking3 opened a pull request:

    https://github.com/apache/thrift/pull/1228

    THRIFT-3978: tighten up pthread mutex implementation, removing asserts and replacing them with exceptions

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/jeking3/thrift THRIFT-3978-mutex

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/thrift/pull/1228.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #1228

----
commit 8323899a347a316b59443e1dd88ef0a7d1529748
Author: James E. King, III <jim.k...@simplivity.com>
Date:   2017-03-30T19:30:03Z

    THRIFT-3978: tighten up pthread mutex implementation, removing asserts and replacing them with exceptions

----


> Thrift C++ runtime uses assert to prevent overflows, checks sanity only in debug builds
> ---------------------------------------------------------------------------------------
>
>                 Key: THRIFT-3978
>                 URL: https://issues.apache.org/jira/browse/THRIFT-3978
>             Project: Thrift
>          Issue Type: Bug
>          Components: C++ - Library
>    Affects Versions: 0.10.0
>         Environment: All
>            Reporter: James E. King, III
>            Assignee: James E. King, III
>              Labels: security
>
> Currently there is widespread use of assert in the thrift C++ runtime library. Some of the more disturbing cases are security related, for example checking header sizes. I recommend we eliminate assertions that are only checked in debug mode, and instead throw the appropriate exception, usually a TTransportException with CORRUPTED_DATA as the reason. If we're going to check for an overflow or a buffer overrun, we should do so in debug and release modes. Further, assertions are not easily tested whereas exceptions are.
> In THRIFT-3873 apache::thrift::transport::safe_numeric_cast was added, so I also suggest changing static_cast to safe_numeric_cast where appropriate throughout the transport code to catch any overflow errors.
> Another location where assert is used liberally is inside the posix Mutex implementation.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
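The following is an added illustration of the point the ticket makes, not code from Thrift or from pull request #1228. It contrasts a frame-header size check written as an `assert` (compiled out under `NDEBUG`, the usual release setting, so the unchecked value reaches the caller) with the same check rewritten to throw a `CORRUPTED_DATA` exception in every build, and adds an overflow-checked integer conversion in the spirit of `safe_numeric_cast`. Everything here is an assumption for the example: `TTransportExceptionLike` and its reason codes stand in for Thrift's `TTransportException`, `readFrameSize`, `readFrameSizeAssertOnly` and `tryReadFrameSize` are hypothetical helpers, and the `safe_numeric_cast` shown is a standalone round-trip check, not Thrift's implementation.

```cpp
// Added example (not Thrift's code): assert-only sanity checks vs. checks that
// throw in debug and release alike, plus an overflow-checked numeric cast.
#include <cassert>
#include <cstdint>
#include <iostream>
#include <limits>
#include <stdexcept>
#include <string>
#include <vector>

// Stand-in for apache::thrift::transport::TTransportException (assumption:
// only the reason codes this example needs are modelled).
class TTransportExceptionLike : public std::runtime_error {
public:
  enum Type { UNKNOWN = 0, BAD_ARGS = 6, CORRUPTED_DATA = 7 };
  TTransportExceptionLike(Type t, const std::string& msg)
      : std::runtime_error(msg), type_(t) {}
  Type getType() const { return type_; }
private:
  Type type_;
};

// Reports whether assert() is compiled in. With -DNDEBUG (typical release
// flags) this returns false and every assert-only check disappears.
bool assertChecksActive() {
#ifdef NDEBUG
  return false;
#else
  return true;
#endif
}

// Decodes a 4-byte big-endian frame length; caller guarantees size() >= 4.
static uint32_t decodeBigEndian32(const std::vector<uint8_t>& header) {
  return (uint32_t(header[0]) << 24) | (uint32_t(header[1]) << 16) |
         (uint32_t(header[2]) << 8) | uint32_t(header[3]);
}

// "Before" pattern described in the ticket: the sanity checks are asserts, so
// in a release build a truncated or oversized header flows straight through.
uint32_t readFrameSizeAssertOnly(const std::vector<uint8_t>& header,
                                 uint32_t maxFrameSize) {
  assert(header.size() >= 4);
  uint32_t size = decodeBigEndian32(header);
  assert(size <= maxFrameSize);
  return size;
}

// "After" pattern: the same checks run in every build and surface as a
// CORRUPTED_DATA exception that callers and unit tests can observe.
uint32_t readFrameSize(const std::vector<uint8_t>& header, uint32_t maxFrameSize) {
  if (header.size() < 4) {
    throw TTransportExceptionLike(TTransportExceptionLike::CORRUPTED_DATA,
                                  "frame header truncated");
  }
  uint32_t size = decodeBigEndian32(header);
  if (size > maxFrameSize) {
    throw TTransportExceptionLike(TTransportExceptionLike::CORRUPTED_DATA,
                                  "frame size " + std::to_string(size) +
                                  " exceeds limit " + std::to_string(maxFrameSize));
  }
  return size;
}

// Returns -1 and sets `out` on success, otherwise the exception's reason code.
int tryReadFrameSize(const std::vector<uint8_t>& header, uint32_t maxFrameSize,
                     uint32_t& out) {
  try {
    out = readFrameSize(header, maxFrameSize);
    return -1;
  } catch (const TTransportExceptionLike& e) {
    return e.getType();
  }
}

// Overflow-checked integer conversion (assumption: a standalone round-trip
// check, not Thrift's safe_numeric_cast). A value is representable in To
// exactly when converting there and back preserves it and its sign.
template <typename To, typename From>
To safe_numeric_cast(From value) {
  To result = static_cast<To>(value);
  bool roundTrips = static_cast<From>(result) == value;
  bool resultNeg = std::numeric_limits<To>::is_signed && result < To(0);
  bool valueNeg = std::numeric_limits<From>::is_signed && value < From(0);
  if (!roundTrips || resultNeg != valueNeg) {
    throw TTransportExceptionLike(TTransportExceptionLike::CORRUPTED_DATA,
                                  "numeric value out of range for destination type");
  }
  return result;
}

// True if safe_numeric_cast<To> rejects `value` with CORRUPTED_DATA.
template <typename To, typename From>
bool castRejected(From value) {
  try {
    (void)safe_numeric_cast<To>(value);
    return false;
  } catch (const TTransportExceptionLike& e) {
    return e.getType() == TTransportExceptionLike::CORRUPTED_DATA;
  }
}

int main() {
  uint32_t size = 0;
  // Constructed header claiming a 2 GiB frame against a 1 KiB limit.
  int rc = tryReadFrameSize(std::vector<uint8_t>{0x7f, 0xff, 0xff, 0xff}, 1024, size);
  std::cout << "assert checks active: " << assertChecksActive() << "\n"
            << "oversized frame -> reason code " << rc << "\n"
            << "int64 -1 into uint32 rejected: " << castRejected<uint32_t>(int64_t(-1)) << "\n";
  return 0;
}
```

Build it twice, once with and once without `-DNDEBUG`: `readFrameSize` rejects the oversized header in both builds, while `readFrameSizeAssertOnly` only does so in the build where `assertChecksActive()` is true.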