You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@thrift.apache.org by "Yuxuan Wang (Jira)" <ji...@apache.org> on 2020/10/11 01:38:00 UTC

[jira] [Created] (THRIFT-5294) Go: TSimpleJSONProtocol could panic on WriteMessageEnd without matching WriteMessageBegin

Yuxuan Wang created THRIFT-5294:
-----------------------------------

             Summary: Go: TSimpleJSONProtocol could panic on WriteMessageEnd without matching WriteMessageBegin
                 Key: THRIFT-5294
                 URL: https://issues.apache.org/jira/browse/THRIFT-5294
             Project: Thrift
          Issue Type: Task
          Components: Go - Library
    Affects Versions: 0.13.0
            Reporter: Yuxuan Wang
            Assignee: Yuxuan Wang


I noticed the issue while writing the example loggingMiddleware code in https://github.com/apache/thrift/pull/1992#issuecomment-705903922. The root cause is that we have two context stacks when implementing TSimpleJSONProtocol in go library, but we never check the slice length before the popping/peeking operations, and in certain circumstances (e.g. calling WriteMessageEnd without matching WriteMessageBegin) it would panic with using -1 as the slice index.

It should return an TProtocolException instead. 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)