[ https://issues.apache.org/jira/browse/THRIFT-3978?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16734921#comment-16734921 ]
James E. King III commented on THRIFT-3978:
-------------------------------------------

By removing boost thread factory and posix thread factory, it may also resolve THRIFT-3978.

> Thrift C++ runtime uses assert to prevent overflows, checks sanity only in
> debug builds
> ---------------------------------------------------------------------------------------
>
>                 Key: THRIFT-3978
>                 URL: https://issues.apache.org/jira/browse/THRIFT-3978
>             Project: Thrift
>          Issue Type: Bug
>          Components: C++ - Library
>    Affects Versions: 0.10.0
>         Environment: All
>            Reporter: James E. King III
>            Assignee: James E. King III
>            Priority: Major
>              Labels: security
>
> Currently there is widespread use of assert in the thrift C++ runtime
> library. Some of the more disturbing cases are security related, for example
> checking header sizes. I recommend we eliminate assertions that are only
> checked in debug mode, and instead throw the appropriate exception, usually a
> TTransportException with CORRUPTED_DATA as the reason. If we're going to
> check for an overflow or a buffer overrun, we should do so in debug and
> release modes. Further, assertions are not easily tested whereas exceptions
> are.
> In THRIFT-3873 apache::thrift::transport::safe_numeric_cast was added, so I
> also suggest changing static_cast to safe_numeric_cast where appropriate
> throughout the transport code to catch any overflow errors.
> Another location where assert is used liberally is inside the posix Mutex
> implementation.

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
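The issue text describes two things: a header-size sanity check that lives only in `assert()` and therefore disappears in release builds compiled with `NDEBUG`, and replacing `static_cast` with a checked conversion so that a negative or oversized length is rejected in every build mode. The following is an added example written for this page, not Thrift's code: `CorruptedData` is a stand-in for `TTransportException` with reason `CORRUPTED_DATA`, `safeNumericCast` is an illustrative checked conversion in the spirit of `safe_numeric_cast` (not the project's implementation), and `kMaxFrameSize` is a hypothetical limit. It decodes the 4-byte big-endian length prefix of a framed message once the assert-only way and once the hardened way.

```cpp
#include <cassert>
#include <cstdint>
#include <stdexcept>
#include <string>
#include <type_traits>
#include <vector>

// Stand-in for TTransportException(CORRUPTED_DATA) so this compiles without
// the Thrift library. Assumption for illustration only.
struct CorruptedData : std::runtime_error {
    explicit CorruptedData(const std::string& msg) : std::runtime_error(msg) {}
};

template <typename T>
static bool isNegative(T v) {
    return std::is_signed<T>::value && v < static_cast<T>(0);
}

// Illustrative checked conversion: evaluated in release builds too, and it
// throws instead of silently wrapping. Not apache::thrift's safe_numeric_cast.
template <typename To, typename From>
To safeNumericCast(From value) {
    To result = static_cast<To>(value);
    bool roundTrips = static_cast<From>(result) == value;
    bool sameSign = isNegative(result) == isNegative(value);
    if (!roundTrips || !sameSign) {
        throw CorruptedData("numeric value out of range");
    }
    return result;
}

// Hypothetical frame size cap; the real limit is a transport setting.
static const uint32_t kMaxFrameSize = 256u * 1024u * 1024u;

// Decode the 4-byte big-endian signed length prefix of a framed message.
static int32_t decodeLength(const std::vector<uint8_t>& buf) {
    uint32_t raw = (static_cast<uint32_t>(buf[0]) << 24) |
                   (static_cast<uint32_t>(buf[1]) << 16) |
                   (static_cast<uint32_t>(buf[2]) << 8) |
                    static_cast<uint32_t>(buf[3]);
    return static_cast<int32_t>(raw);
}

// BEFORE: both sanity checks live in assert(). With NDEBUG defined (the
// usual release setting) they compile to nothing, and a negative or huge
// length flows straight through static_cast into the caller's allocation.
size_t frameSizeAssertOnly(const std::vector<uint8_t>& buf) {
    assert(buf.size() >= 4);
    int32_t sz = decodeLength(buf);
    assert(sz >= 0 && static_cast<uint32_t>(sz) <= kMaxFrameSize);
    return static_cast<size_t>(static_cast<uint32_t>(sz));
}

// AFTER: the same checks as ordinary control flow that throws in every
// build mode, and that a unit test can exercise by catching the exception.
size_t frameSizeChecked(const std::vector<uint8_t>& buf) {
    if (buf.size() < 4) {
        throw CorruptedData("frame header truncated");
    }
    int32_t sz = decodeLength(buf);
    // A negative length (e.g. bytes FF FF FF FF) does not survive the
    // checked int32 -> uint32 conversion, so it is rejected here.
    uint32_t usz = safeNumericCast<uint32_t>(sz);
    if (usz > kMaxFrameSize) {
        throw CorruptedData("frame size exceeds limit");
    }
    return static_cast<size_t>(usz);
}

// Build a constructed 4-byte header from a raw 32-bit pattern (test input).
std::vector<uint8_t> makeHeader(uint32_t raw) {
    return { static_cast<uint8_t>(raw >> 24), static_cast<uint8_t>(raw >> 16),
             static_cast<uint8_t>(raw >> 8),  static_cast<uint8_t>(raw) };
}

// True if the hardened parser rejects the header with CorruptedData.
bool checkedRejects(const std::vector<uint8_t>& buf) {
    try {
        frameSizeChecked(buf);
        return false;
    } catch (const CorruptedData&) {
        return true;
    }
}

int main() {
    // Constructed inputs: a 1 KiB frame, a negative length, a 2 GiB length,
    // and a truncated header.
    assert(frameSizeChecked(makeHeader(1024)) == 1024);
    assert(checkedRejects(makeHeader(0xFFFFFFFFu)));
    assert(checkedRejects(makeHeader(0x80000000u)));
    assert(checkedRejects(std::vector<uint8_t>{0x00, 0x00}));
    return 0;
}
```

The point of `checkedRejects` is the testability argument from the issue: an `assert` failure aborts the process, so a test suite cannot assert on it, whereas a thrown exception is caught and verified like any other return path.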