[thrift] branch master updated: THRIFT-5255: Fix stack overflow in framed transport Client: c_glib Patch: wangyunjian

Tue, 01 Sep 2020 23:50:58 -0700 

This is an automated email from the ASF dual-hosted git repository.

jensg pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/thrift.git


The following commit(s) were added to refs/heads/master by this push:
     new 073166f  THRIFT-5255: Fix stack overflow in framed transport Client: 
c_glib Patch: wangyunjian <[email protected]>
073166f is described below

commit 073166f2c4b99b5ab4b425dd2dfc137b00a2e260
Author: wangyunjian <[email protected]>
AuthorDate: Sun Jul 26 21:25:50 2020 +0800

    THRIFT-5255: Fix stack overflow in framed transport
    Client: c_glib
    Patch: wangyunjian <[email protected]>
    
    This closes #2206
    
    Signed-off-by: wangyunjian <[email protected]>
---
 lib/c_glib/src/thrift/c_glib/transport/thrift_framed_transport.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/lib/c_glib/src/thrift/c_glib/transport/thrift_framed_transport.c 
b/lib/c_glib/src/thrift/c_glib/transport/thrift_framed_transport.c
index 1faf16e..f7b8192 100644
--- a/lib/c_glib/src/thrift/c_glib/transport/thrift_framed_transport.c
+++ b/lib/c_glib/src/thrift/c_glib/transport/thrift_framed_transport.c
@@ -98,7 +98,7 @@ thrift_framed_transport_read_frame (ThriftTransport 
*transport,
     sz = ntohl (sz);
 
     /* create a buffer to hold the data and read that much data */
-    tmpdata = g_alloca (sz);
+    tmpdata = g_new0 (guchar, sz);
     bytes = thrift_transport_read (t->transport, tmpdata, sz, error);
 
     if (bytes > 0 && (error == NULL || *error == NULL))
@@ -108,6 +108,7 @@ thrift_framed_transport_read_frame (ThriftTransport 
*transport,
 
       result = TRUE;
     }
+    g_free (tmpdata);
   }
 
   return result;
@@ -249,7 +250,7 @@ thrift_framed_transport_flush (ThriftTransport *transport, 
GError **error)
   sz_nbo = (gint32) htonl ((guint32) t->w_buf->len);
 
   /* copy the size of the frame and then the frame itself */
-  tmpdata = g_alloca (sz_hbo);
+  tmpdata = g_new0 (guchar, sz_hbo);
   memcpy (tmpdata, (guint8 *) &sz_nbo, sizeof (sz_nbo));
 
   if (t->w_buf->len > 0)
@@ -265,7 +266,7 @@ thrift_framed_transport_flush (ThriftTransport *transport, 
GError **error)
 
   THRIFT_TRANSPORT_GET_CLASS (t->transport)->flush (t->transport,
                                                     error);
-
+  g_free (tmpdata);
   return TRUE;
 }

Reply via email to