You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@thrift.apache.org by "Roger Meier (JIRA)" <ji...@apache.org> on 2013/05/05 23:40:15 UTC
[jira] [Resolved] (THRIFT-1932) TFileTransport::readEvent() casts
values read from input stream into a pointer and then dereferences it.
[ https://issues.apache.org/jira/browse/THRIFT-1932?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Roger Meier resolved THRIFT-1932.
---------------------------------
Resolution: Fixed
Assignee: Roger Meier
Thanks Hugo!
committed
> TFileTransport::readEvent() casts values read from input stream into a pointer and then dereferences it.
> --------------------------------------------------------------------------------------------------------
>
> Key: THRIFT-1932
> URL: https://issues.apache.org/jira/browse/THRIFT-1932
> Project: Thrift
> Issue Type: Bug
> Components: C++ - Library
> Affects Versions: 0.9
> Environment: Hardened Gentoo amd64 Linux
> Reporter: Hugo Mildenberger
> Assignee: Roger Meier
> Attachments: thrift-0.9.0-fix-type-punned-pointer-warning.patch
>
>
> The Compilation of thrift-0.9.0 ended with the following warnings:
> * QA Notice: Package triggers severe warnings which indicate that it
> * may exhibit random runtime failures.
> * src/thrift/transport/TFileTransport.cpp:715:56: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
> * src/thrift/transport/TFileTransport.cpp:726:84: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
> When looking into src/thrift/transport/TFileTransport.cpp:715 ...
> 711 readState_.eventSizeBuff_[readState_.eventSizeBuffPos_++] =
> 712 readBuff_[readState_.bufferPtr_++];
> 713 if (readState_.eventSizeBuffPos_ == 4) {
> 714 // 0 length event indicates padding
> 715 if (*((uint32_t *)(readState_.eventSizeBuff_)) == 0) {
> 716 // T_DEBUG_L(1, "Got padding");
> 717 readState_.resetState(readState_.lastDispatchPtr_);
> 718 continue;
> 719 }
> ... it becomes obvious that the four values casted into a pointer were previously read from the input stream by ::read() in line 661:
> 661 readState_.bufferLen_ = ::read(fd_, readBuff_, readBuffSize_);
> Same issue here:
> 725 readState_.event_ = new eventInfo();
> 726 readState_.event_->eventSize_ = \*((uint32_t*)(readState_.eventSizeBuff_));
> 727
> While it is a two minute job fix this problem, the method TFileTransport::readEvent() looks so fragile that a clean rewrite appears to be more appropriate.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira