[ https://issues.apache.org/jira/browse/THRIFT-4024?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16390146#comment-16390146 ]
ASF GitHub Bot commented on THRIFT-4024: ---------------------------------------- GitHub user bananer opened a pull request: https://github.com/apache/thrift/pull/1503 THRIFT-4024: Skip() throws TProtocolException.INVALID_DATA on unknown… … data types You can merge this pull request into a Git repository by running: $ git pull https://github.com/bananer/thrift THRIFT-4024-invalid-data Alternatively you can review and apply these changes as the patch at: https://github.com/apache/thrift/pull/1503.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #1503 ---- commit 8ed11e4256b97c6415fb75e8bc789e4cab8d6d1c Author: Philip Frank <ich@...> Date: 2018-03-07T20:21:30Z THRIFT-4024: Skip() throws TProtocolException.INVALID_DATA on unknown data types ---- > Skip() should throw on unknown data types > ----------------------------------------- > > Key: THRIFT-4024 > URL: https://issues.apache.org/jira/browse/THRIFT-4024 > Project: Thrift > Issue Type: Bug > Components: .NETCore - Library, C# - Library, Delphi - Library, Go - > Library, Haxe - Library > Affects Versions: 0.10.0 > Reporter: Michael Antipin > Assignee: Jens Geyer > Priority: Major > Fix For: 0.11.0 > > > I'm using TBinaryProtocol and a simple transport that reads from a given byte > array. > C# library contains the following code in TProtocolUtil.Skip(TProtocol prot, > TType type): > {code} > case TType.List: > TList list = prot.ReadListBegin(); > for (int i = 0; i < list.Count; i++) { > Skip(prot, list.ElementType); > } > prot.ReadListEnd(); > break; > {code} > The type of elements is detected in ReadListBegin(), and, as Skip() does > nothing for unknown types, the position in the binary remains the same until > the for loop completes. > So, when you try to deserialize invalid data, and a field type happens to be > detected as TType.List, you may end up waiting for a random period of time > until deserialization is completed (734707176 iterations of skipping in my > case). > I suggest throwing an exception immediately when list elements type is > unknown. May be, it would be good to have a setting like *FailOnUnknownType*, > so that Skip() will throw instead of ignoring. -- This message was sent by Atlassian JIRA (v7.6.3#76005)