Posted to dev@thrift.apache.org by "Andris Mednis (JIRA)" <ji...@apache.org> on 2012/07/24 17:31:35 UTC

[jira] [Created] (THRIFT-1654) c_glib thrift_socket_read() returns corrupted data

Andris Mednis created THRIFT-1654:
-------------------------------------

             Summary: c_glib thrift_socket_read() returns corrupted data
                 Key: THRIFT-1654
                 URL: https://issues.apache.org/jira/browse/THRIFT-1654
             Project: Thrift
          Issue Type: Bug
          Components: C glib - Library
    Affects Versions: 0.8, 0.7
         Environment: Linux
            Reporter: Andris Mednis


In Thrift source code there is a file lib/c_glib/src/transport/thrift_socket.c. In this file there is a function thrift_socket_read():
------------------------------------------------------
...
/* implements thrift_transport_read */
gint32
thrift_socket_read (ThriftTransport *transport, gpointer buf,
                    guint32 len, GError **error)
{
  gint ret = 0;
  guint got = 0;

  ThriftSocket *socket = THRIFT_SOCKET (transport);

  while (got < len)
  {
    ret = recv (socket->sd, buf, len, 0); /* <====== In each while-loop iteration data are written from the beginning of buffer. Previously collected data are overwritten. This eventually leads to a corrupted frame in Thrift framed transport and causes crash. To fix, replace 'buf' with 'buf + got'. */

    if (ret < 0)
    {
      g_set_error (error, THRIFT_TRANSPORT_ERROR,
                   THRIFT_TRANSPORT_ERROR_RECEIVE,
                   "failed to read %d bytes - %s", len, strerror(errno));
      return -1;
    }
    got += ret;
  }

  return got;
}
...
------------------------------------------------------

At time of writing this bug is in Thrift 0.7, 0.8 and in trunk.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
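
The short-read behaviour described in the report, as an added example that is not part of the original messages or of Thrift's code: the reported addressing (always `buf`, always `len`) next to a loop that uses `buf + got` and `len - got`. The names read_buggy, read_fixed and frame_intact are hypothetical and the payload is constructed; a datagram socketpair is assumed so that each send() is returned by its own recv(), which makes the short reads deterministic.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Addressing as in the reported loop: always buf, always len.
 * (ret == 0 is treated as an error here so the demo cannot spin.) */
static ssize_t read_buggy(int sd, void *buf, size_t len)
{
    size_t got = 0;
    while (got < len) {
        ssize_t ret = recv(sd, buf, len, 0);
        if (ret <= 0) return -1;
        got += (size_t)ret;
    }
    return (ssize_t)got;
}

/* Append at buf + got and request only len - got. Advancing the pointer
 * without shrinking the length would let recv() write past buf + len. */
static ssize_t read_fixed(int sd, void *buf, size_t len)
{
    size_t got = 0;
    while (got < len) {
        ssize_t ret = recv(sd, (char *)buf + got, len - got, 0);
        if (ret < 0 && errno == EINTR) continue;
        if (ret <= 0) return -1;  /* error, or peer closed early */
        got += (size_t)ret;
    }
    return (ssize_t)got;
}

/* Constructed input: payload "ABCDEFGH" sent as two 4-byte chunks over a
 * datagram socketpair, so each recv() returns exactly one chunk.
 * Returns 1 if the reader reports 8 bytes and buf holds the payload. */
static int frame_intact(ssize_t (*reader)(int, void *, size_t))
{
    int sv[2], ok;
    char buf[8] = {0};
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) != 0) return -1;
    ok = send(sv[0], "ABCD", 4, 0) == 4 && send(sv[0], "EFGH", 4, 0) == 4;
    ok = ok && reader(sv[1], buf, sizeof buf) == 8;
    ok = ok && memcmp(buf, "ABCDEFGH", 8) == 0;
    close(sv[0]);
    close(sv[1]);
    return ok;
}

int main(void)
{
    printf("buggy loop intact: %d\n", frame_intact(read_buggy));
    printf("fixed loop intact: %d\n", frame_intact(read_fixed));
}
```

The buggy reader still reports 8 bytes received, so the caller has no signal that the first chunk was overwritten; only the buffer contents differ.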

        

[jira] [Updated] (THRIFT-1654) c_glib thrift_socket_read() returns corrupted data

Posted by "Andris Mednis (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/THRIFT-1654?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andris Mednis updated THRIFT-1654:
----------------------------------

    Description: 
In Thrift source code there is a file lib/c_glib/src/transport/thrift_socket.c. In this file there is a function thrift_socket_read():
------------------------------------------------------
...
/* implements thrift_transport_read */
gint32
thrift_socket_read (ThriftTransport *transport, gpointer buf,
                    guint32 len, GError **error)
{
  gint ret = 0;
  guint got = 0;

  ThriftSocket *socket = THRIFT_SOCKET (transport);

  while (got < len)
  {
    ret = recv (socket->sd, buf, len, 0); /* <====== In each while-loop iteration data are written from the beginning of buffer. Previously collected data are overwritten. This eventually leads to a corrupted frame in Thrift framed transport and causes crash. To fix, replace 'buf' with 'buf + got'. */

    if (ret < 0)
    {
      g_set_error (error, THRIFT_TRANSPORT_ERROR,
                   THRIFT_TRANSPORT_ERROR_RECEIVE,
                   "failed to read %d bytes - %s", len, strerror(errno));
      return -1;
    }
    got += ret;
  }

  return got;
}
...
------------------------------------------------------

At time of writing this bug is in Thrift 0.7, 0.8 and in trunk.


[jira] [Updated] (THRIFT-1654) c_glib thrift_socket_read() returns corrupted data

Posted by "Andris Mednis (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/THRIFT-1654?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andris Mednis updated THRIFT-1654:
----------------------------------

    Description: 
In Thrift source code there is a file lib/c_glib/src/transport/thrift_socket.c. In this file there is a function thrift_socket_read():
------------------------------------------------------
...
/* implements thrift_transport_read */
gint32
thrift_socket_read (ThriftTransport *transport, gpointer buf,
                    guint32 len, GError **error)
{
  gint ret = 0;
  guint got = 0;

  ThriftSocket *socket = THRIFT_SOCKET (transport);

  while (got < len)
  {
    ret = recv (socket->sd, buf, len, 0); /* <====== In each while-loop iteration data are written from the beginning of buffer. Previously collected data are overwritten. This eventually leads to a corrupted frame in Thrift framed transport and causes crash. To fix, replace 'buf' with 'buf + got', 'len' with 'len-got'. */

    if (ret < 0)
    {
      g_set_error (error, THRIFT_TRANSPORT_ERROR,
                   THRIFT_TRANSPORT_ERROR_RECEIVE,
                   "failed to read %d bytes - %s", len, strerror(errno));
      return -1;
    }
    got += ret;
  }

  return got;
}
...
------------------------------------------------------

At time of writing this bug is in Thrift 0.7, 0.8 and in trunk.


[jira] [Commented] (THRIFT-1654) c_glib thrift_socket_read() returns corrupted data

Posted by "Andris Mednis (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/THRIFT-1654?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13422136#comment-13422136 ] 

Andris Mednis commented on THRIFT-1654:
---------------------------------------

Christian Zimnick has submitted a patch: https://issues.apache.org/jira/secure/attachment/12501520/THRIFT-1414.patch. His patch is larger, but it solves this THRIFT-1654 issue, too, by patching lib/c_glib/src/transport/thrift_socket.c. So there is no need to develop a separate patch; Christian's patch is better for the thrift_socket.c file. In fact, this THRIFT-1654 issue can be closed as a duplicate and THRIFT-1414 should be resolved. Until then, users of Thrift c_glib have to patch the thrift_socket.c file manually (in versions 0.7 and up).
                

[jira] [Closed] (THRIFT-1654) c_glib thrift_socket_read() returns corrupted data

Posted by "Jake Farrell (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/THRIFT-1654?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jake Farrell closed THRIFT-1654.
--------------------------------

       Resolution: Duplicate
    Fix Version/s: 0.9

duplicates THRIFT-1414
                

[jira] [Commented] (THRIFT-1654) c_glib thrift_socket_read() returns corrupted data

Posted by "Jake Farrell (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/THRIFT-1654?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13421517#comment-13421517 ] 

Jake Farrell commented on THRIFT-1654:
--------------------------------------

Andris, thank you for finding this and contributing. Please see http://thrift.apache.org/docs/HowToContribute/ for details on submitting a patch for this issue.
                