[
https://issues.apache.org/jira/browse/THRIFT-4107?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17070646#comment-17070646
]
Zezeng Wang commented on THRIFT-4107:
-------------------------------------
Hi [~yurongliao] , how to reproduce this bug? I define a struct which has 5
byte and a service to operate it, then generate code with thrift and send
packet as you descript by call the generate function, but everything works
well. Can you post some key code to show how to reproduce this bug? BTW, I
test in 0.14.0.
> Thrift Server crashes when receiving specific bad packet
> --------------------------------------------------------
>
> Key: THRIFT-4107
> URL: https://issues.apache.org/jira/browse/THRIFT-4107
> Project: Thrift
> Issue Type: Bug
> Components: C++ - Library
> Affects Versions: 0.9.1, 0.9.2, 0.9.3, 0.10.0
> Environment: Ubuntu 12.04
> Thrift 0.9.1
> Reporter: Yurong LIAO
> Priority: Major
> Labels: easyfix, easytest, security
> Attachments: THRIFT-4107.patch
>
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> A server program with Thrift 0.9.1 always crash when receiving a specific
> packet from client. It's 100% reproducible by intentionally sending a packet
> consist of any 4 bytes followed with a 0.
> After checking the code, it is found that the crash is caused by an assert in
> method TNonblockingServer::TConnection::workSocket() (line 494, file
> TNonblockingServer.cpp). To prevent the crash, protection code can be add to
> check readWant_ when receiving data from client.
> The issue was found 0.9.1 and also exists in latter versions including latest
> code.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
