[
https://issues.apache.org/jira/browse/THRIFT-2006?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13701885#comment-13701885
]
leeto commented on THRIFT-2006:
-------------------------------
After I added some code to the function:
template <class Transport_>
uint32_t TBinaryProtocolT<Transport_>::readMessageBegin(std::string& name,
                                                        TMessageType& messageType,
                                                        int32_t& seqid)
  if (sz > 15728640) // 15M
  {
    throw TProtocolException(TProtocolException::INVALID_DATA,
                             "the message exceed the max size 15M bytes.");
  }
there is no crash now.
Any comments?
> TVirtualTransport::readAll_virt core dump
> -----------------------------------------
>
> Key: THRIFT-2006
> URL: https://issues.apache.org/jira/browse/THRIFT-2006
> Project: Thrift
> Issue Type: Bug
> Components: C++ - Library
> Affects Versions: 0.8
> Environment: SUSE linux
> Reporter: leeto
> Priority: Critical
>
> When using the "Nessus" tool to scan the server, I got the core file below:
> Program terminated with signal 11, Segmentation fault.
> #0 0xf6a97d36 in memcpy () from /lib/libc.so.6
> (gdb) bt
> #0 0xf6a97d36 in memcpy () from /lib/libc.so.6
> #1 0x3d5c9c24 in ?? ()
> #2 0xf5c2096e in
> apache::thrift::transport::TVirtualTransport<apache::thrift::transport::TBufferedTransport,
> apache::thrift::transport::TBufferBase>::readAll_virt(unsigned char*,
> unsigned int) () from /var/opt/lib/libloggingsynchronizer.so
> #3 0xf5c20d2c in
> apache::thrift::protocol::TBinaryProtocolT<apache::thrift::transport::TTransport>::readStringBody(std::string&,
> int) ()
> from /var/opt/lib/libloggingsynchronizer.so
> #4 0xf5c2139b in
> apache::thrift::protocol::TBinaryProtocolT<apache::thrift::transport::TTransport>::readMessageBegin(std::string&,
> apache::thrift::protocol::TMessageType&, int&) () from
> /var/opt/lib/libloggingsynchronizer.so
> #5 0xf5c215e2 in
> apache::thrift::protocol::TVirtualProtocol<apache::thrift::protocol::TBinaryProtocolT<apache::thrift::transport::TTransport>,
>
> apache::thrift::protocol::TProtocolDefaults>::readMessageBegin_virt(std::string&,
> apache::thrift::protocol::TMessageType&, int&) ()
> from /var/opt/lib/libloggingsynchronizer.so
> #6 0xf5c182ad in
> Logging::LoggingConfigSynchronizerProcessor::process(boost::shared_ptr<apache::thrift::protocol::TProtocol>,
> boost::shared_ptr<apache::thrift::protocol::TProtocol>, void*) () from
> /var/opt/lib/libloggingsynchronizer.so
> #7 0xed2b0d5b in apache::thrift::server::TSimpleServer::serve
> (this=0xf60eeba0) at src/server/TSimpleServer.cpp:103
> #8 0xf5c1b378 in Logging::Synchronizer::serve() () from
> /var/opt/lib/libloggingsynchronizer.so
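
The backtrace above ends in memcpy under readStringBody, and the comment's fix caps the size read in readMessageBegin at 15M. The sketch below is an added example, not Thrift's code or the reporter's patch: it validates an untrusted length prefix before any copy, and goes beyond the 15M cap by also rejecting negative sizes and sizes larger than the bytes actually available. ByteReader, readBoundedString and tryRead are hypothetical names, and the input bytes are constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <stdexcept>
#include <string>
#include <utility>
#include <vector>

// Hypothetical stand-in for a buffered transport: a byte vector plus a cursor.
struct ByteReader {
  std::vector<uint8_t> buf;
  std::size_t pos = 0;
  std::size_t remaining() const { return buf.size() - pos; }
};

// Read a big-endian signed 32-bit integer, the encoding used for sizes here.
int32_t readI32(ByteReader& r) {
  if (r.remaining() < 4) throw std::runtime_error("truncated i32");
  uint32_t v = 0;
  for (int i = 0; i < 4; ++i) v = (v << 8) | r.buf[r.pos++];
  return static_cast<int32_t>(v);
}

// Read a length-prefixed string, checking the untrusted length before any
// allocation or copy. maxSize plays the role of the 15M cap in the comment.
std::string readBoundedString(ByteReader& r, int32_t maxSize) {
  int32_t sz = readI32(r);
  if (sz < 0) throw std::runtime_error("negative size");
  if (sz > maxSize) throw std::runtime_error("size exceeds limit");
  if (static_cast<std::size_t>(sz) > r.remaining())
    throw std::runtime_error("size exceeds bytes available");
  std::string out(reinterpret_cast<const char*>(r.buf.data() + r.pos), sz);
  r.pos += static_cast<std::size_t>(sz);
  return out;
}

// Constructed helper: returns "ok:<value>" or the reason the input was rejected.
std::string tryRead(std::vector<uint8_t> bytes, int32_t maxSize) {
  ByteReader r;
  r.buf = std::move(bytes);
  try {
    return "ok:" + readBoundedString(r, maxSize);
  } catch (const std::runtime_error& e) {
    return e.what();
  }
}

int main() {
  // Constructed non-Thrift bytes: the first four decode to a length of 0x47455420.
  std::cout << tryRead({'G', 'E', 'T', ' ', '/'}, 15728640) << "\n";
}
```

The last check matters even with a cap in place: a length under the limit can still exceed what the peer actually sent.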