Jens-G opened a new pull request, #3412: URL: https://github.com/apache/thrift/pull/3412
## Summary

`TProtocolUtil.maxSkipDepth` had a default value of `Integer.MAX_VALUE`, making the `skip()` method's recursion effectively unbounded. `TConfiguration.DEFAULT_RECURSION_DEPTH` is already defined as 64, matching the limits enforced by C++, Go, and Node.js. This change aligns the static default:

- **`lib/java/src/main/java/org/apache/thrift/protocol/TProtocolUtil.java`**: `maxSkipDepth` default changed from `Integer.MAX_VALUE` to `64`. The existing `setMaxSkipDepth()` API is preserved, so callers that explicitly configured a different limit are unaffected.

Tests added in `lib/java/src/test/java/org/apache/thrift/protocol/TestTProtocolUtil.java`:

- `testSkipRejectsDeeplyNestedStruct`: a payload with 65 levels raises `TProtocolException`.
- `testSkipAcceptsStructWithinDepthLimit`: a payload with 64 levels succeeds.

## Test plan

- [ ] `cd lib/java && gradle test --tests '*TestTProtocolUtil*'` — two new depth limit tests pass

🤖 Generated with [Claude Code](https://claude.com/claude-code)
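The depth check described above, as an added example that is not part of the pull request or of Thrift's own code: a recursive skip over nested structs that refuses input deeper than 64 levels. The class and method names (`SkipDepthDemo`, `skipStruct`, `nested`, `DepthExceeded`) are hypothetical, and the wire format is a simplified struct-only encoding assumed for the demonstration.

```java
import java.nio.ByteBuffer;

// Added illustration; not Thrift's TProtocolUtil. Assumed wire format (simplified,
// struct-only): field header = 1 type byte + 2-byte field id, type 0 ends a struct.
public class SkipDepthDemo {
    static final byte STOP = 0;
    static final byte STRUCT = 12;
    static final int MAX_SKIP_DEPTH = 64; // the default the pull request sets

    static class DepthExceeded extends Exception {
        DepthExceeded(String msg) { super(msg); }
    }

    // Skip one struct body. Each nested struct consumes one unit of remainingDepth,
    // so attacker-controlled nesting cannot drive the recursion past the limit.
    static void skipStruct(ByteBuffer in, int remainingDepth) throws DepthExceeded {
        if (remainingDepth <= 0) {
            throw new DepthExceeded("maximum skip depth exceeded");
        }
        while (true) {
            byte type = in.get();
            if (type == STOP) return;
            in.getShort(); // field id, not needed when skipping
            if (type != STRUCT) throw new IllegalArgumentException("unsupported type " + type);
            skipStruct(in, remainingDepth - 1);
        }
    }

    // Constructed input: `levels` structs nested one inside another.
    static ByteBuffer nested(int levels) {
        ByteBuffer buf = ByteBuffer.allocate(levels * 4);
        for (int i = 1; i < levels; i++) buf.put(STRUCT).putShort((short) 1);
        for (int i = 0; i < levels; i++) buf.put(STOP);
        buf.flip();
        return buf;
    }

    public static void main(String[] args) {
        for (int levels : new int[] {64, 65}) {
            try {
                skipStruct(nested(levels), MAX_SKIP_DEPTH);
                System.out.println(levels + " levels: skipped");
            } catch (DepthExceeded e) {
                System.out.println(levels + " levels: rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```

With the limit set to `Integer.MAX_VALUE` instead, the same recursion is bounded only by the thread's stack size.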
