You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@thrift.apache.org by "wangyunjian (Jira)" <ji...@apache.org> on 2020/07/26 13:04:00 UTC

[jira] [Created] (THRIFT-5255) Fix stack overflow in framed transport

wangyunjian created THRIFT-5255:
-----------------------------------

             Summary: Fix stack overflow in framed transport
                 Key: THRIFT-5255
                 URL: https://issues.apache.org/jira/browse/THRIFT-5255
             Project: Thrift
          Issue Type: Bug
          Components: C glib - Library
    Affects Versions: 0.13.0
            Reporter: wangyunjian
            Assignee: wangyunjian


Alloca() allocates memory on the stack. A stack overflow exception is generated if the space cannot be allocated.
Use g_new0 instead of g_alloca.
=================================================================
==test_server==130665==ERROR: AddressSanitizer: stack-overflow on address 0x7ffbfe573e98 (pc 0x7f0b0e309147 bp 0x7ffc11174000 sp 0x7ffbfe573ea0 T0)
    #0 0x7f0b0e309146 in thrift_framed_transport_flush src/thrift/c_glib/transport/thrift_framed_transport.c:235
    #1 0x7f0b0e2fe874 in thrift_transport_flush src/thrift/c_glib/transport/thrift_transport.c:85
    #2 0x4299ab in t_test_thrift_test_processor_process_test_string gen-c_glib/t_test_thrift_test.c:5170
    #3 0x434266 in t_test_thrift_test_processor_dispatch_call gen-c_glib/t_test_thrift_test.c:7179
    #4 0x7f0b0e2e82f0 in thrift_dispatch_processor_process src/thrift/c_glib/processor/thrift_dispatch_processor.c:56
    #5 0x7f0b0e30c7d2 in thrift_simple_server_serve src/thrift/c_glib/server/thrift_simple_server.c:58
    #6 0x7f0b0e30b65b in thrift_server_serve src/thrift/c_glib/server/thrift_server.c:108
    #7 0x40946c in main src/test_server.c:280
    #8 0x7f0b0ce28872 in __libc_start_main (/usr/lib64/libc.so.6+0x23872)
    #9 0x404a6d in _start (/mnt/hgfs/share/thrift-0.13.0/test/c_glib/.libs/test_server+0x404a6d)

SUMMARY: AddressSanitizer: stack-overflow src/thrift/c_glib/transport/thrift_framed_transport.c:235 in thrift_framed_transport_flush
==test_server==130665==ABORTING




--
This message was sent by Atlassian Jira
(v8.3.4#803005)