You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@thrift.apache.org by "Yuxuan Wang (Jira)" <ji...@apache.org> on 2020/10/11 18:32:00 UTC
[jira] [Commented] (THRIFT-5294) Go: TSimpleJSONProtocol could
panic on WriteMessageEnd without matching WriteMessageBegin
[ https://issues.apache.org/jira/browse/THRIFT-5294?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17212002#comment-17212002 ]
Yuxuan Wang commented on THRIFT-5294:
-------------------------------------
Added unit test for all protocols in the PR and found out that TCompactProtocol.[Read|Write]StructEnd could also panic, and fixed that in the PR as well.
> Go: TSimpleJSONProtocol could panic on WriteMessageEnd without matching WriteMessageBegin
> -----------------------------------------------------------------------------------------
>
> Key: THRIFT-5294
> URL: https://issues.apache.org/jira/browse/THRIFT-5294
> Project: Thrift
> Issue Type: Task
> Components: Go - Library
> Affects Versions: 0.13.0
> Reporter: Yuxuan Wang
> Assignee: Yuxuan Wang
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> I noticed the issue while writing the example loggingMiddleware code in https://github.com/apache/thrift/pull/1992#issuecomment-705903922. The root cause is that we have two context stacks when implementing TSimpleJSONProtocol in go library, but we never check the slice length before the popping/peeking operations, and in certain circumstances (e.g. calling WriteMessageEnd without matching WriteMessageBegin) it would panic with using -1 as the slice index.
> It should return an TProtocolException instead.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)