[ https://issues.apache.org/jira/browse/THRIFT-4375?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16222744#comment-16222744 ]
Jean-Noël Quintin commented on THRIFT-4375:
-------------------------------------------

The issue is in the file transport/TBufferTransports.cpp, function ensureCanWrite, line 352: when multiplying the size by 2 there is an overflow. Then realloc is called with a size equal to 0.

> TMemory throw bad_alloc due to counter overflow
> -----------------------------------------------
>
> Key: THRIFT-4375
> URL: https://issues.apache.org/jira/browse/THRIFT-4375
> Project: Thrift
> Issue Type: Bug
> Components: C++ - Library
> Affects Versions: 0.10.0
> Environment: Linux 64 bits rhel 7.3
> Reporter: Jean-Noël Quintin
> Priority: Critical
>
> The buffer size named buffer size_ is stored on a uint32_t.
> When the size of transmitted data is above there is an overflow and a
> bad_alloc error is thrown.
> This comes from the fact that the allocated size is a power of 2 and is
> multiplied by 2. At some point it reaches 2^32 and asks to allocate a buffer with
> size 0.
> Then the allocation returns NULL (normal) and the exception is thrown.
> Thanks for taking the issue into account.

--
This message was sent by Atlassian JIRA (v6.4.14#64029)
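
The wraparound described in the report, as an added example that is not part of the original message and not Thrift's source: a model of a 32-bit size doubled until it covers the requested length, beside a checked variant. The names `grow_unchecked` and `grow_checked` and the clamp-to-maximum policy are assumptions made for illustration.

```cpp
// Added example: a model of the growth pattern in the report, not Thrift code.
#include <cstdint>
#include <cstdio>
#include <limits>

// Unchecked growth: doubles a uint32_t size until it covers `needed` bytes.
// Once the size reaches 2^31, the next doubling is 2^32, which wraps to 0.
// The loop stops on 0 so the model terminates; the caller would then hand
// that 0 to realloc, which is the failure the report describes.
uint32_t grow_unchecked(uint32_t size, uint64_t needed) {
    while (size != 0 && size < needed) {
        size *= 2;  // arithmetic is modulo 2^32
    }
    return size;
}

// Checked growth (hypothetical fix): do the doubling in 64 bits, reject
// requests that a 32-bit size cannot represent, and clamp instead of wrapping.
bool grow_checked(uint32_t size, uint64_t needed, uint32_t* out) {
    const uint64_t kMax = std::numeric_limits<uint32_t>::max();
    if (needed > kMax) {
        return false;  // caller reports a clear "too large" error
    }
    uint64_t s = size ? size : 1;
    while (s < needed) {
        s *= 2;  // s never exceeds 2^32 here, so no 64-bit overflow
    }
    if (s > kMax) {
        s = kMax;  // 2^32 does not fit; the maximum still covers `needed`
    }
    *out = static_cast<uint32_t>(s);
    return true;
}

int main() {
    const uint64_t needed = (1ull << 31) + 1;  // constructed: just over 2 GiB
    uint32_t checked = 0;
    bool ok = grow_checked(1024, needed, &checked);
    std::printf("unchecked: %u\n", (unsigned)grow_unchecked(1024, needed));
    std::printf("checked:   ok=%d size=%u\n", ok ? 1 : 0, (unsigned)checked);
    return 0;
}
```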