[jira] [Resolved] (THRIFT-6014) Add recursion depth limit to skip() in JavaScript library

Jens Geyer (Jira) Tue, 19 May 2026 17:00:13 -0700


     [ 
https://issues.apache.org/jira/browse/THRIFT-6014?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Jens Geyer resolved THRIFT-6014.
--------------------------------
    Fix Version/s: 0.24.0
         Assignee: Jens Geyer
       Resolution: Fixed

> Add recursion depth limit to skip() in JavaScript library
> ---------------------------------------------------------
>
>                 Key: THRIFT-6014
>                 URL: https://issues.apache.org/jira/browse/THRIFT-6014
>             Project: Thrift
>          Issue Type: Improvement
>          Components: JavaScript - Library
>            Reporter: Jens Geyer
>            Assignee: Jens Geyer
>            Priority: Major
>             Fix For: 0.24.0
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> The skip() method in the browser JavaScript library (lib/js/src/thrift.js) 
> recurses without a depth bound on nested container and struct types. The 
> Node.js protocols (binary, compact, JSON) already enforce a depth limit of 
> 64. This aligns the browser library with the Node.js implementation by adding 
> a depth parameter and throwing TProtocolException with DEPTH_LIMIT when depth 
> exceeds 64.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (THRIFT-6014) Add recursion depth limit to skip() in JavaScript library

Reply via email to