[
https://issues.apache.org/jira/browse/THRIFT-1414?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Maik Greubel updated THRIFT-1414:
---------------------------------
Attachment: thrift-0.9.0-c_glib-jira1414.patch
The attached patch can be applied to 0.9.0.
{code}
--- thrift-0.9.0/lib/c_glib/src/thrift/transport/thrift_socket.c.orig
2012-10-17 09:15:16.000000000 +0200
+++ thrift-0.9.0/lib/c_glib/src/thrift/transport/thrift_socket.c
2012-10-17 09:15:48.000000000 +0200
@@ -129,7 +129,7 @@
while (got < len)
{
- ret = recv (socket->sd, buf, len, 0);
+ ret = recv (socket->sd, buf+got, len-got, 0);
if (ret < 0)
{
g_set_error (error, THRIFT_TRANSPORT_ERROR,
---
thrift-0.9.0/lib/c_glib/src/thrift/transport/thrift_buffered_transport.c.orig
2012-10-17 09:16:07.000000000 +0200
+++ thrift-0.9.0/lib/c_glib/src/thrift/transport/thrift_buffered_transport.c
2012-10-17 09:17:26.000000000 +0200
@@ -71,7 +71,7 @@
ThriftBufferedTransport *t = THRIFT_BUFFERED_TRANSPORT (transport);
guint32 want = len;
guint32 got = 0;
- guchar tmpdata[t->r_buf_size];
+ guchar tmpdata[len];
guint32 have = t->r_buf->len;
// we shouldn't hit this unless the buffer doesn't have enough to read
@@ -101,7 +101,7 @@
} else {
got += THRIFT_TRANSPORT_GET_CLASS (t->transport)->read (t->transport,
tmpdata,
- t->r_buf_size,
+ want,
error);
t->r_buf = g_byte_array_append (t->r_buf, tmpdata, got);
{code}
> bufferoverflow in c_glib buffered transport/socket client
> ---------------------------------------------------------
>
> Key: THRIFT-1414
> URL: https://issues.apache.org/jira/browse/THRIFT-1414
> Project: Thrift
> Issue Type: Bug
> Components: C glib - Library
> Affects Versions: 0.7
> Environment: Server running on Windows 7 SP1 64bit based on csharp.
> Client running on Ubuntu 11.04 Server 64 bit (fresh install) based on c_glib.
> svn rev: 1190015M
> Reporter: Christian Zimnick
> Priority: Critical
> Attachments: thrift-0.9.0-c_glib-jira1414.patch, THRIFT-1414.patch
>
> Original Estimate: 10m
> Remaining Estimate: 10m
>
> Quote of comment in source:
> -----------------------------------------------
> if the buffer is still smaller than what we
> want to read, then just read it directly.
> -----------------------------------------------
> But the code reading into the tempdata with size of the buffer and reading
> all data into this.
> file: lib/c_glib/transport/thrift_buffered_transport.c line 74/98
> Also if the buffer is still bigger that what we want to read, then reading
> the buffer size.
> But recv blocks than and waiting of data if there nothing to read after the
> receiving data len.
> file: lib/c_glib/transport/thrift_buffered_transport.c line 118
> i attached a patch that fix this problems but i dont know if all of this is
> correct.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
