[
https://issues.apache.org/jira/browse/THRIFT-4375?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16222744#comment-16222744
]
Jean-Noël Quintin commented on THRIFT-4375:
-------------------------------------------
The issue is in the file transport/TBufferTransports.cpp, function
ensureCanWrite, line 352:
when multiplying the size by 2 there is an overflow.
Then realloc is called with a size equal to 0.
> TMemory throw bad_alloc due to counter overflow
> -----------------------------------------------
>
> Key: THRIFT-4375
> URL: https://issues.apache.org/jira/browse/THRIFT-4375
> Project: Thrift
> Issue Type: Bug
> Components: C++ - Library
> Affects Versions: 0.10.0
> Environment: Linux 64 bits rhel 7.3
> Reporter: Jean-Noël Quintin
> Priority: Critical
>
> The buffer size, named bufferSize_, is stored in a uint32_t.
> When the size of the transmitted data is above there is an overflow and a
> bad_alloc error is thrown.
> This comes from the fact that the allocated size is a power of 2 and is
> multiplied by 2. At some point it reaches 2^32 and asks to allocate a buffer with
> size 0.
> Then the allocation returns NULL (normal) and the exception is thrown.
> Thanks for taking the issue into account.
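The wrap described in the report, next to a checked growth policy, as an added example (not Thrift's code and not part of the original message). It is a simplified model of a doubling buffer; `grow_wrapping`, `grow_checked` and their parameters are hypothetical names.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>
#include <stdexcept>

// Doubling policy as the report describes it: the size lives in a uint32_t
// and is multiplied by 2 until the write fits. Returns the size that would
// be passed to realloc(). Simplified model, not the library's function.
uint32_t grow_wrapping(uint32_t buffer_size, uint32_t used, uint32_t len) {
  uint32_t new_size = buffer_size;
  uint32_t avail = buffer_size - used;
  while (len > avail) {
    new_size = new_size > 0 ? new_size * 2 : 1;  // 2^31 * 2 wraps to 0
    if (new_size == 0) return 0;  // model stops at the wrap to expose it
    avail = new_size - used;
  }
  return new_size;
}

// Checked variant: do the arithmetic in 64 bits and refuse any size that
// cannot be represented in the 32-bit field instead of wrapping.
uint32_t grow_checked(uint32_t buffer_size, uint32_t used, uint32_t len) {
  const uint64_t max_size = std::numeric_limits<uint32_t>::max();
  const uint64_t required = static_cast<uint64_t>(used) + len;
  if (required > max_size) {
    throw std::length_error("buffer would exceed 32-bit size limit");
  }
  uint64_t new_size = buffer_size > 0 ? buffer_size : 1;
  while (new_size < required) new_size *= 2;
  if (new_size > max_size) new_size = max_size;  // clamp the last doubling
  return static_cast<uint32_t>(new_size);
}

int main() {
  const uint32_t two_gib = 0x80000000u;  // constructed input: full 2^31-byte buffer
  std::printf("wrapping: %u\n", grow_wrapping(two_gib, two_gib, 1));
  std::printf("checked:  %u\n", grow_checked(two_gib, two_gib, 1));
  return 0;
}
```

With a full 2^31-byte buffer and one more byte to write, the wrapping policy asks for 0 bytes, which is the request the report says ends in `bad_alloc`; the checked policy returns the largest representable size or fails with an explicit length error.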