[ https://issues.apache.org/jira/browse/THRIFT-1377?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13122478#comment-13122478 ]

Hudson commented on THRIFT-1377:
--------------------------------

Integrated in Thrift #291 (See [https://builds.apache.org/job/Thrift/291/])
    Thrift-1377: abort PHP deserialization on unknown field type
client: php
Patch: Dave Watson

Previously the code incorrectly ignored unknown field types. After
reading the field header, if it was an unknown type it would incorrectly
assume there was no data, and start trying to read the next field
immediately.

                
> abort PHP deserialization on unknown field type
> -----------------------------------------------
>
>                 Key: THRIFT-1377
>                 URL: https://issues.apache.org/jira/browse/THRIFT-1377
>             Project: Thrift
>          Issue Type: Improvement
>          Components: C++ - Library
>            Reporter: Dave Watson
>            Assignee: Dave Watson
>            Priority: Minor
>             Fix For: 0.8
>
>         Attachments: 0005-thrift-abort-PHP-deserialization-on-unknown-field-ty.patch
>
>
> From fe3de1c287012f88554f115cf0a1015414f8e644 Mon Sep 17 00:00:00 2001
> From: Adam Simpkins <simpk...@fb.com>
> Date: Wed, 24 Mar 2010 00:13:36 +0000
> Subject: [PATCH 5/9] thrift: abort PHP deserialization on unknown field type
> Summary:
> Previously the code incorrectly ignored unknown field types.  After
> reading the field header, if it was an unknown type it would incorrectly
> assume there was no data, and start trying to read the next field
> immediately.  This is clearly a bug.
> Not only could this lead to incorrect data being returned, it also
> caused the code to get stuck in very long loops when passed invalid
> data.  This happens if the data looks like an extremely long list
> containing elements of an unknown type.  The code tries to parse them
> all, but since it thinks they are all 0 bytes, doesn't make forward
> progress in the buffer.  It can be very slow to try and parse a list of
> 1 billion empty entries.
> Test Plan:
> Tried to decode the buffer 'DkyYjVlMTVl'.  Previously this would get
> stuck in a loop, now it throws a TProtocolException.
> Revert Plan:
> OK
> ---
>  lib/php/src/protocol/TProtocol.php |    6 ++++--
>  1 files changed, 4 insertions(+), 2 deletions(-)


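The failure mode described in the commit message above, as an added example that is not part of the original message and is not Thrift's own code: a simplified skip routine in which an unknown element type either consumes zero bytes (the old behaviour) or aborts (the fixed behaviour). The function names, the exception class and the 5-byte list header model (1-byte element type, 4-byte big-endian count) are assumptions made for the illustration, and the input is constructed.

```php
<?php
// Added illustration, not Thrift code. Hypothetical names; simplified list header.
const T_BYTE = 3;
const T_I32  = 8;
const T_LIST = 15;

class UnknownTypeException extends Exception {}

// Returns $pos + $n, or throws if the buffer does not hold $n more bytes.
function need(string $buf, int $pos, int $n): int
{
    if ($pos + $n > strlen($buf)) {
        throw new UnderflowException("truncated input at offset $pos");
    }
    return $pos + $n;
}

// Skips one value of $type at $pos and returns the new offset.
// $strict = false models the old behaviour: unknown types consume 0 bytes.
function skipValue(string $buf, int $pos, int $type, bool $strict, int &$steps): int
{
    $steps++;
    switch ($type) {
        case T_BYTE: return need($buf, $pos, 1);
        case T_I32:  return need($buf, $pos, 4);
        case T_LIST:
            $next = need($buf, $pos, 5);
            $elemType = ord($buf[$pos]);
            $count = unpack('N', substr($buf, $pos + 1, 4))[1];
            for ($i = 0; $i < $count; $i++) {
                $next = skipValue($buf, $next, $elemType, $strict, $steps);
            }
            return $next;
        default:
            if ($strict) {
                throw new UnknownTypeException("unknown field type $type at offset $pos");
            }
            return $pos; // no bytes consumed, no error: the loop above never runs out of input
    }
}

// Constructed input: list of element type 0x7f (unknown here) with count 200000.
$buf = chr(0x7f) . pack('N', 200000);
$steps = 0;
skipValue($buf, 0, T_LIST, false, $steps);
echo "lenient: $steps steps to skip " . strlen($buf) . " bytes\n";
try {
    $steps = 0;
    skipValue($buf, 0, T_LIST, true, $steps);
} catch (UnknownTypeException $e) {
    echo "strict: aborted after $steps steps ({$e->getMessage()})\n";
}
```

In the lenient mode the work done is set by the attacker-controlled count field rather than by the number of bytes received, which is why the bounds check in `need()` never gets a chance to stop the loop.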
        
