[GitHub] thrift pull request: Limit lists to 10,000 items in fastbinary dec...

GitHub user dvirsky opened a pull request: https://github.com/apache/thrift/pull/511 Limit lists to 10,000 items in fastbinary decoding to avoid crashing … …servers from huge allocations on junk/mallicious input https://issues.apache.org/jira/browse/THRIFT-3175 You can

[GitHub] thrift pull request: Limit lists to 10,000 items in fastbinary dec...

Github user dvirsky commented on the pull request: https://github.com/apache/thrift/pull/511#issuecomment-107866723 The build failure seems to be unrelated to the patch: ``` ... vector-0.10.12.3 failed during the building phase. The exception was: ExitFailure 9

[GitHub] thrift pull request: Limit lists to 10,000 items in fastbinary dec...

Github user bufferoverflow commented on a diff in the pull request: https://github.com/apache/thrift/pull/511#discussion_r31599079 --- Diff: lib/py/src/protocol/fastbinary.c --- @@ -936,7 +951,7 @@ decode_struct(DecodeBuffer* input, PyObject* output, PyObject* spec_seq) { }

[GitHub] thrift pull request: Limit lists to 10,000 items in fastbinary dec...

Github user bufferoverflow commented on a diff in the pull request: https://github.com/apache/thrift/pull/511#discussion_r31599161 --- Diff: lib/py/src/protocol/fastbinary.c --- @@ -1028,7 +1043,7 @@ decode_val(DecodeBuffer* input, TType type, PyObject* typeargs) { }

[GitHub] thrift pull request: Limit lists to 10,000 items in fastbinary dec...

Github user dvirsky commented on a diff in the pull request: https://github.com/apache/thrift/pull/511#discussion_r31604879 --- Diff: lib/py/src/protocol/fastbinary.c --- @@ -936,7 +951,7 @@ decode_struct(DecodeBuffer* input, PyObject* output, PyObject* spec_seq) { }

[GitHub] thrift pull request: Limit lists to 10,000 items in fastbinary dec...

Github user dvirsky commented on a diff in the pull request: https://github.com/apache/thrift/pull/511#discussion_r31604906 --- Diff: lib/py/src/protocol/fastbinary.c --- @@ -1028,7 +1043,7 @@ decode_val(DecodeBuffer* input, TType type, PyObject* typeargs) { }

[GitHub] thrift pull request: Limit lists to 10,000 items in fastbinary dec...

Github user dvirsky commented on a diff in the pull request: https://github.com/apache/thrift/pull/511#discussion_r31605192 --- Diff: lib/py/src/protocol/fastbinary.c --- @@ -936,7 +951,7 @@ decode_struct(DecodeBuffer* input, PyObject* output, PyObject* spec_seq) { }

[GitHub] thrift pull request: Limit lists to 10,000 items in fastbinary dec...

Github user asfgit closed the pull request at: https://github.com/apache/thrift/pull/511 --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enab