sumanthakur1976 opened a new pull request, #2788:
URL: https://github.com/apache/thrift/pull/2788

   This patch fixes the problem with unchecked data
   conversion read from the network. Currently, the code
   reads data from the network, converts it to
   i32, and then blindly converts it to usize (so -1
   gets converted to -1_usize and causes panic in
   a debug build and huge memory use in a release build).
   This could easily become a security vulnerability.
   
   The fix replaces all `as usize` casts with `try_into`-style
   casts.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
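
The conversion problem described in the pull request above, shown as an added example that is not code from the pull request or from the Thrift Rust library. The function names and the `MAX_FIELD_LEN` cap are assumptions made for illustration. The example goes one step beyond the `try_into` change by also bounding the accepted length.

```rust
use std::convert::TryFrom;
use std::io::{self, ErrorKind, Read};

// Hypothetical upper bound for this example; not a Thrift constant.
const MAX_FIELD_LEN: usize = 1024 * 1024;

/// Reads a big-endian i32 length prefix, as a binary protocol reader would.
fn read_i32_be<R: Read>(r: &mut R) -> io::Result<i32> {
    let mut b = [0u8; 4];
    r.read_exact(&mut b)?;
    Ok(i32::from_be_bytes(b))
}

/// Unchecked form: the value an `as usize` cast yields (nothing is allocated here).
fn unchecked_len(wire_len: i32) -> usize {
    wire_len as usize // sign-extends, so -1 becomes usize::MAX
}

/// Checked form: rejects negative lengths and lengths above the cap.
fn checked_len(wire_len: i32) -> io::Result<usize> {
    let len = usize::try_from(wire_len).map_err(|_| {
        io::Error::new(ErrorKind::InvalidData, format!("negative length {}", wire_len))
    })?;
    if len > MAX_FIELD_LEN {
        return Err(io::Error::new(ErrorKind::InvalidData, format!("length {} over cap", len)));
    }
    Ok(len)
}

/// Reads one length-prefixed byte field, sizing the buffer only after validation.
fn read_bytes_checked<R: Read>(r: &mut R) -> io::Result<Vec<u8>> {
    let len = checked_len(read_i32_be(r)?)?;
    let mut buf = vec![0u8; len];
    r.read_exact(&mut buf)?;
    Ok(buf)
}

fn main() {
    // Constructed frames: a valid 3-byte field, and a frame claiming length -1.
    let good: &[u8] = &[0, 0, 0, 3, b'a', b'b', b'c'];
    let bad: &[u8] = &[0xFF, 0xFF, 0xFF, 0xFF];
    println!("{:?}", read_bytes_checked(&mut &good[..]));
    println!("{:?}", read_bytes_checked(&mut &bad[..]));
    println!("unchecked(-1) = {}", unchecked_len(-1));
}
```
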
