projects / thrift.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 885c72e) | patch
[PATCH] THRIFT-5322: Guard against large string/binary lengths in Go
authorYuxuan 'fishy' Wang <yuxuan.wang@reddit.com>
Thu, 10 Dec 2020 22:42:37 +0000 (14:42 -0800)
committerLaszlo Boszormenyi (GCS) <gcs@debian.org>
Fri, 24 Sep 2021 15:18:04 +0000 (16:18 +0100)
commit2de2fe8ccf0db84e94f20b983d05e0a9fd3904ca
treebc5bba73d70e9984e6fcc51b4bea95ae761b06edtree | snapshot
parent885c72eda79adb40cfa3231a3104c6f460e56b8ecommit | diff
[PATCH] THRIFT-5322: Guard against large string/binary lengths in Go

Client: go

In TBinaryProtocol.ReadString, TBinaryProtocol.ReadBinary,
TCompactProtocol.ReadString, and TCompactProtocol.ReadBinary, use
safeReadBytes to prevent from large allocation on malformed sizes.

    $ go test -bench=SafeReadBytes -benchmem
    BenchmarkSafeReadBytes/normal-12                  625057              1789 ns/op            2176 B/op          5 allocs/op
    BenchmarkSafeReadBytes/max-askedSize-12           545271              2236 ns/op           14464 B/op          7 allocs/op
    PASS

Gbp-Pq: Name THRIFT-5322.patch
lib/go/thrift/binary_protocol.go diff | blob | history
lib/go/thrift/binary_protocol_test.go diff | blob | history
lib/go/thrift/compact_protocol.go diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.