You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@thrift.apache.org by "Andris Mednis (JIRA)" <ji...@apache.org> on 2012/07/24 17:33:33 UTC
[jira] [Updated] (THRIFT-1654) c_glib thrift_socket_read() returns
corrupted data
[ https://issues.apache.org/jira/browse/THRIFT-1654?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andris Mednis updated THRIFT-1654:
----------------------------------
Description:
In Thrift source code there is a file lib/c_glib/src/transport/thrift_socket.c. In this file there is a function thrift_socket_read():
------------------------------------------------------
...
/* implements thrift_transport_read */
gint32
thrift_socket_read (ThriftTransport *transport, gpointer buf,
guint32 len, GError **error)
{
gint ret = 0;
guint got = 0;
ThriftSocket *socket = THRIFT_SOCKET (transport);
while (got < len)
{
ret = recv (socket->sd, buf, len, 0); <====== In each while-loop iteration data are written from the beginning of buffer. Previously collected data are overwritten. This eventually leads to a corrupted frame in Thrift framed ransport and causes crash. To fix, replace 'buf' with 'buf + got'.
if (ret < 0)
{
g_set_error (error, THRIFT_TRANSPORT_ERROR,
THRIFT_TRANSPORT_ERROR_RECEIVE,
"failed to read %d bytes - %s", len, strerror(errno));
return -1;
}
got += ret;
}
return got;
}
...
------------------------------------------------------
At time of writing this bug is in Thrift 0.7, 0.8 and in trunk.
was:
In Thrift source code there is a file lib/c_glib/src/transport/thrift_socket.c. In this file there is a function thrift_socket_read():
------------------------------------------------------
...
/* implements thrift_transport_read */
gint32
thrift_socket_read (ThriftTransport *transport, gpointer buf,
guint32 len, GError **error)
{
gint ret = 0;
guint got = 0;
ThriftSocket *socket = THRIFT_SOCKET (transport);
while (got < len)
{
ret = recv (socket->sd, buf, len, 0); <====== In each while-loop iteration data are written from the beginning of buffer. Previously
collected data are overwritten. This eventually leads to a corrupted frame in Thrift framed transport and causes crash. To fix, replace '
buf' with 'buf + got'.
if (ret < 0)
{
g_set_error (error, THRIFT_TRANSPORT_ERROR,
THRIFT_TRANSPORT_ERROR_RECEIVE,
"failed to read %d bytes - %s", len, strerror(errno));
return -1;
}
got += ret;
}
return got;
}
...
------------------------------------------------------
At time of writing this bug is in Thrift 0.7, 0.8 and in trunk.
> c_glib thrift_socket_read() returns corrupted data
> --------------------------------------------------
>
> Key: THRIFT-1654
> URL: https://issues.apache.org/jira/browse/THRIFT-1654
> Project: Thrift
> Issue Type: Bug
> Components: C glib - Library
> Affects Versions: 0.7, 0.8
> Environment: Linux
> Reporter: Andris Mednis
>
> In Thrift source code there is a file lib/c_glib/src/transport/thrift_socket.c. In this file there is a function thrift_socket_read():
> ------------------------------------------------------
> ...
> /* implements thrift_transport_read */
> gint32
> thrift_socket_read (ThriftTransport *transport, gpointer buf,
> guint32 len, GError **error)
> {
> gint ret = 0;
> guint got = 0;
> ThriftSocket *socket = THRIFT_SOCKET (transport);
> while (got < len)
> {
> ret = recv (socket->sd, buf, len, 0); <====== In each while-loop iteration data are written from the beginning of buffer. Previously collected data are overwritten. This eventually leads to a corrupted frame in Thrift framed ransport and causes crash. To fix, replace 'buf' with 'buf + got'.
> if (ret < 0)
> {
> g_set_error (error, THRIFT_TRANSPORT_ERROR,
> THRIFT_TRANSPORT_ERROR_RECEIVE,
> "failed to read %d bytes - %s", len, strerror(errno));
> return -1;
> }
> got += ret;
> }
> return got;
> }
> ...
> ------------------------------------------------------
> At time of writing this bug is in Thrift 0.7, 0.8 and in trunk.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira