projects / thrift.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d349ce1) | patch
[PATCH] THRIFT-5322: Guard against large string/binary lengths in Go
authorYuxuan 'fishy' Wang <yuxuan.wang@reddit.com>
Thu, 10 Dec 2020 22:42:37 +0000 (14:42 -0800)
committerLaszlo Boszormenyi (GCS) <gcs@debian.org>
Sun, 14 Feb 2021 18:50:04 +0000 (18:50 +0000)
commite2e6c34b4a547847112778ef2c5431457aa69037
tree68c97c6b7d5b5a60c95c2c1b27b37b90302ab826tree | snapshot
parentd349ce1c7e53ad9603589c51da85451d016b2a59commit | diff
[PATCH] THRIFT-5322: Guard against large string/binary lengths in Go

Client: go

In TBinaryProtocol.ReadString, TBinaryProtocol.ReadBinary,
TCompactProtocol.ReadString, and TCompactProtocol.ReadBinary, use
safeReadBytes to prevent from large allocation on malformed sizes.

    $ go test -bench=SafeReadBytes -benchmem
    BenchmarkSafeReadBytes/normal-12                  625057              1789 ns/op            2176 B/op          5 allocs/op
    BenchmarkSafeReadBytes/max-askedSize-12           545271              2236 ns/op           14464 B/op          7 allocs/op
    PASS

Gbp-Pq: Name THRIFT-5322.patch
lib/go/thrift/binary_protocol.go diff | blob | history
lib/go/thrift/binary_protocol_test.go diff | blob | history
lib/go/thrift/compact_protocol.go diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.