You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@thrift.apache.org by je...@apache.org on 2020/06/18 20:23:41 UTC

[thrift] branch master updated: THRIFT-5221: Fix stack overflow when reading buffer Client: c_glib Patch: wangyunjian

This is an automated email from the ASF dual-hosted git repository.

jensg pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/thrift.git


The following commit(s) were added to refs/heads/master by this push:
     new 8b8633e  THRIFT-5221: Fix stack overflow when reading buffer Client: c_glib Patch: wangyunjian
8b8633e is described below

commit 8b8633e8d805905868f359adf85d18326204a5d5
Author: wangyunjian <wa...@huawei.com>
AuthorDate: Fri May 29 22:29:25 2020 +0800

    THRIFT-5221: Fix stack overflow when reading buffer
    Client: c_glib
    Patch: wangyunjian
    
    This closes #2161
    
    Signed-off-by: wangyunjian <wa...@huawei.com>
---
 lib/c_glib/src/thrift/c_glib/transport/thrift_buffered_transport.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/lib/c_glib/src/thrift/c_glib/transport/thrift_buffered_transport.c b/lib/c_glib/src/thrift/c_glib/transport/thrift_buffered_transport.c
index 0ab3e93..f13c5a3 100644
--- a/lib/c_glib/src/thrift/c_glib/transport/thrift_buffered_transport.c
+++ b/lib/c_glib/src/thrift/c_glib/transport/thrift_buffered_transport.c
@@ -79,7 +79,7 @@ thrift_buffered_transport_read_slow (ThriftTransport *transport, gpointer buf,
   gint ret = 0;
   guint32 want = len;
   guint32 got = 0;
-  guchar *tmpdata = g_alloca (len);
+  guchar *tmpdata = g_new0 (guchar, len);
   guint32 have = t->r_buf->len;
 
   /* we shouldn't hit this unless the buffer doesn't have enough to read */
@@ -102,12 +102,14 @@ thrift_buffered_transport_read_slow (ThriftTransport *transport, gpointer buf,
                                                                 tmpdata,
                                                                 want,
                                                                 error)) < 0) {
+      g_free (tmpdata);
       return ret;
     }
     got += ret;
 
     /* copy the data starting from where we left off */
     memcpy ((guint8 *)buf + have, tmpdata, got);
+    g_free (tmpdata);
     return got + have; 
   } else {
     guint32 give;
@@ -116,11 +118,12 @@ thrift_buffered_transport_read_slow (ThriftTransport *transport, gpointer buf,
                                                                 tmpdata,
                                                                 want,
                                                                 error)) < 0) {
+      g_free (tmpdata);
       return ret;
     }
     got += ret;
     t->r_buf = g_byte_array_append (t->r_buf, tmpdata, got);
-    
+    g_free (tmpdata);
     /* hand over what we have up to what the caller wants */
     give = want < t->r_buf->len ? want : t->r_buf->len;