phile314 opened a new pull request #2108: URL: https://github.com/apache/thrift/pull/2108
The read functions for handles promise to return *up* to the requested number of bytes. This means in case we read less bytes, we should try again to read some more bytes. This issue caused invalid frame sizes which caused arbitrary decoding failures. I believe that the bug has been introduced in https://github.com/apache/thrift/commit/3c420072ab5388c2c00d15ada72aec5b061c4d4d <!-- Explain the changes in the pull request below: --> <!-- We recommend you review the checklist/tips before submitting a pull request. --> - [ ] Did you create an [Apache Jira](https://issues.apache.org/jira/projects/THRIFT/issues/) ticket? (not required for trivial changes) - [ ] If a ticket exists: Does your pull request title follow the pattern "THRIFT-NNNN: describe my issue"? - [x] Did you squash your changes to a single commit? (not required, but preferred) - [x] Did you do your best to avoid breaking changes? If one was needed, did you label the Jira ticket with "Breaking-Change"? - [ ] If your change does not involve any code, add ` [skip ci]` at the end of your pull request to free up build resources. <!-- The Contributing Guide at: https://github.com/apache/thrift/blob/master/CONTRIBUTING.md has more details and tips for committing properly. --> ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org