Posted to commits@thrift.apache.org by ro...@apache.org on 2015/06/03 11:47:07 UTC
thrift git commit: THRIFT-3175 python: fastbinary.c python
deserialize can cause huge allocations from garbage
Repository: thrift
Updated Branches:
refs/heads/master 56d38fb91 -> 7daf00ceb
THRIFT-3175 python: fastbinary.c python deserialize can cause huge allocations from garbage
define MAX_LIST_SIZE to be 10,000
Patch: Dvir Volk
This closes #511
Project: http://git-wip-us.apache.org/repos/asf/thrift/repo
Commit: http://git-wip-us.apache.org/repos/asf/thrift/commit/7daf00ce
Tree: http://git-wip-us.apache.org/repos/asf/thrift/tree/7daf00ce
Diff: http://git-wip-us.apache.org/repos/asf/thrift/diff/7daf00ce
Branch: refs/heads/master
Commit: 7daf00ceb1b6d52f7ab612b03f63907866381ff1
Parents: 56d38fb
Author: Roger Meier <ro...@apache.org>
Authored: Wed Jun 3 11:45:35 2015 +0200
Committer: Roger Meier <ro...@apache.org>
Committed: Wed Jun 3 11:45:35 2015 +0200
----------------------------------------------------------------------
lib/py/src/protocol/fastbinary.c | 21 ++++++++++++++++++---
1 file changed, 18 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/thrift/blob/7daf00ce/lib/py/src/protocol/fastbinary.c
----------------------------------------------------------------------
diff --git a/lib/py/src/protocol/fastbinary.c b/lib/py/src/protocol/fastbinary.c
index 4133e98..93c4911 100644
--- a/lib/py/src/protocol/fastbinary.c
+++ b/lib/py/src/protocol/fastbinary.c
@@ -32,7 +32,7 @@
# if defined(_MSC_VER) && _MSC_VER < 1600
typedef int _Bool;
# define bool _Bool
-# define false 0
+# define false 0
# define true 1
# endif
# define inline __inline
@@ -197,6 +197,21 @@ check_ssize_t_32(Py_ssize_t len) {
return true;
}
+#define MAX_LIST_SIZE (10000)
+
+static inline bool
+check_list_length(Py_ssize_t len) {
+ // error from getting the int
+ if (INT_CONV_ERROR_OCCURRED(len)) {
+ return false;
+ }
+ if (!CHECK_RANGE(len, 0, MAX_LIST_SIZE)) {
+ PyErr_SetString(PyExc_OverflowError, "list size out of the sanity limit (10000 items max)");
+ return false;
+ }
+ return true;
+}
+
static inline bool
parse_pyint(PyObject* o, int32_t* ret, int32_t min, int32_t max) {
long val = PyInt_AsLong(o);
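Review bot: The limit in check_list_length is written twice, once as MAX_LIST_SIZE and once as the literal "10000" in the error string, so changing the macro later leaves the message wrong. Build the message from the macro instead, e.g. `PyErr_Format(PyExc_OverflowError, "list size out of the sanity limit (%d items max)", MAX_LIST_SIZE);`. Whether a length of exactly 10000 is accepted depends on CHECK_RANGE, which is defined outside this hunk, so the "max" wording should be checked against it. The cap is also a fixed compile-time constant with no comment; add one above the define, such as `/* Max element count accepted from the wire before a container is preallocated; larger legitimate lists are rejected. */`, so that anyone hitting the OverflowError on a valid large payload can find the reason.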
@@ -1028,7 +1043,7 @@ decode_val(DecodeBuffer* input, TType type, PyObject* typeargs) {
}
len = readI32(input);
- if (!check_ssize_t_32(len)) {
+ if (!check_list_length(len)) {
return NULL;
}
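Review bot: Only this one length read in decode_val is switched to check_list_length. Any other container or string length read in the function (outside this hunk) presumably still goes through check_ssize_t_32, and so still accepts any value in the 32-bit range from untrusted input. It is worth confirming that none of those paths sizes an allocation from the wire value before the corresponding data has been read. A short comment at this call site, `/* reject implausible element counts before preallocating */`, would also make clear why this check differs from the others. decode_val starts and ends outside the hunk, so the container type handled here is not visible.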
@@ -1164,7 +1179,7 @@ decode_binary(PyObject *self, PyObject *args) {
PyObject* typeargs = NULL;
StructTypeArgs parsedargs;
DecodeBuffer input = {0, 0};
-
+
if (!PyArg_ParseTuple(args, "OOO", &output_obj, &transport, &typeargs)) {
return NULL;
}