[
https://issues.apache.org/jira/browse/THRIFT-5294?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17212002#comment-17212002
]
Yuxuan Wang commented on THRIFT-5294:
-------------------------------------
Added unit test for all protocols in the PR and found out that
TCompactProtocol.[Read|Write]StructEnd could also panic, and fixed that in the
PR as well.
> Go: TSimpleJSONProtocol could panic on WriteMessageEnd without matching
> WriteMessageBegin
> -----------------------------------------------------------------------------------------
>
> Key: THRIFT-5294
> URL: https://issues.apache.org/jira/browse/THRIFT-5294
> Project: Thrift
> Issue Type: Task
> Components: Go - Library
> Affects Versions: 0.13.0
> Reporter: Yuxuan Wang
> Assignee: Yuxuan Wang
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> I noticed the issue while writing the example loggingMiddleware code in
> https://github.com/apache/thrift/pull/1992#issuecomment-705903922. The root
> cause is that we have two context stacks when implementing
> TSimpleJSONProtocol in go library, but we never check the slice length before
> the popping/peeking operations, and in certain circumstances (e.g. calling
> WriteMessageEnd without matching WriteMessageBegin) it would panic with using
> -1 as the slice index.
> It should return an TProtocolException instead.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
