Posted to dev@thrift.apache.org by "Bryan Duxbury (JIRA)" <ji...@apache.org> on 2011/09/07 19:49:11 UTC

[jira] [Commented] (THRIFT-1328) TBaseHelper.toString(...) appends ByteBuffer data outside of valid buffer range

    [ https://issues.apache.org/jira/browse/THRIFT-1328?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13099143#comment-13099143 ] 

Bryan Duxbury commented on THRIFT-1328:
---------------------------------------

Good catch, Andy. However, your fix has a hole in it. If the ByteBuffer has a nonzero arrayOffset (as it would after, say, a slice() call), then you'll be reading from before the beginning of the buffer. All we need to do is offset all the indices by arrayOffset() and we should be fine. Do you want to take a crack at another version?

> TBaseHelper.toString(...) appends ByteBuffer data outside of valid buffer range
> -------------------------------------------------------------------------------
>
>                 Key: THRIFT-1328
>                 URL: https://issues.apache.org/jira/browse/THRIFT-1328
>             Project: Thrift
>          Issue Type: Bug
>          Components: Java - Library
>    Affects Versions: 0.5
>         Environment: Java 1.6, Mac OSX 10.6.8 64-bit
>            Reporter: Andy Schlaikjer
>         Attachments: fix-bytebuffer-access.patch
>
>
> I have a Thrift struct T which declares a binary field f3 after two other fields f1 and f2. After successful deserialization of a T instance, f3 references a ByteBuffer which wraps the raw byte[] containing all T instance data and has position and limit set to scope reads to valid f3 bytes. This is great because it means less copying of raw byte[] data.
> However, TBaseHelper.toString(ByteBuffer bb, StringBuilder sb) uses Buffer.array() and Buffer.arrayOffset() to read f3 data, causing it to append bytes to sb which lie outside f3's valid range in the backing byte[].
> It seems like this logic is also present in the latest version of TBaseHelper: http://svn.apache.org/viewvc/thrift/trunk/lib/java/src/org/apache/thrift/TBaseHelper.java?revision=1038833&view=markup#l223

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
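
The indexing issue discussed in this message, as an added example that is not Thrift's code or the attached patch: it reads the same three-byte field through a wrap(array, offset, length) view and through a slice() of it, once indexing the backing array by position/limit alone and once shifted by arrayOffset(). The class, the helper names and the sample bytes are constructed for illustration.

```java
import java.nio.ByteBuffer;

public class ByteBufferWindowDemo {
    // Hypothetical helper: index the backing array with position/limit only.
    static String hexIgnoringOffset(ByteBuffer bb) {
        return hex(bb.array(), bb.position(), bb.limit());
    }

    // Hypothetical helper: read only the bytes between position and limit.
    static String hexWindow(ByteBuffer bb) {
        if (bb.hasArray()) {
            // Backing-array indices must be shifted by arrayOffset().
            int base = bb.arrayOffset();
            return hex(bb.array(), base + bb.position(), base + bb.limit());
        }
        // Direct and read-only buffers expose no array: copy through a
        // duplicate so the caller's position stays untouched.
        ByteBuffer dup = bb.duplicate();
        byte[] copy = new byte[dup.remaining()];
        dup.get(copy);
        return hex(copy, 0, copy.length);
    }

    // Space-separated uppercase hex of buf[start, end).
    static String hex(byte[] buf, int start, int end) {
        StringBuilder sb = new StringBuilder();
        for (int i = start; i < end; i++) {
            if (i > start) sb.append(' ');
            sb.append(String.format("%02X", buf[i]));
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample: two bytes each for f1 and f2, three for f3, one trailing byte.
        byte[] raw = {(byte) 0xAA, (byte) 0xAA, (byte) 0xBB, (byte) 0xBB, 1, 2, 3, (byte) 0xCC};
        ByteBuffer f3 = ByteBuffer.wrap(raw, 4, 3); // arrayOffset 0, position 4, limit 7
        ByteBuffer sliced = f3.slice();             // arrayOffset 4, position 0, limit 3
        System.out.println("wrap,  no offset:   " + hexIgnoringOffset(f3));
        System.out.println("slice, no offset:   " + hexIgnoringOffset(sliced));
        System.out.println("wrap,  with offset: " + hexWindow(f3));
        System.out.println("slice, with offset: " + hexWindow(sliced));
        System.out.println("read-only view:     " + hexWindow(sliced.asReadOnlyBuffer()));
    }
}
```

Only the "slice, no offset" line differs from the others: it prints the bytes that precede the field in the shared backing array rather than the field itself.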