[jira] [Commented] (THRIFT-4024) Skip() should throw on unknown data types

[ASF GitHub Bot (JIRA)]

    [ 
https://issues.apache.org/jira/browse/THRIFT-4024?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15816319#comment-15816319
 ] 

ASF GitHub Bot commented on THRIFT-4024:
----------------------------------------

GitHub user Jens-G opened a pull request:

    https://github.com/apache/thrift/pull/1155

    THRIFT-4024 Skip() should throw on unknown data types

    Fixes for 
     * Go
     * C#
     * NETCore
     * Delphi
     * Haxe
     

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/Jens-G/thrift THRIFT-4024

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/thrift/pull/1155.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #1155
    
----
commit 3ae12ae52f551d6bce715e6dd8f336781ee46c54
Author: Jens Geyer <je...@apache.org>
Date:   2017-01-10T20:57:48Z

    THRIFT-4024 Skip() should throw on unknown data types

----


> Skip() should throw on unknown data types
> -----------------------------------------
>
>                 Key: THRIFT-4024
>                 URL: https://issues.apache.org/jira/browse/THRIFT-4024
>             Project: Thrift
>          Issue Type: Bug
>          Components: .NETCore - Library, C# - Library, Delphi - Library, Go - 
> Library, Haxe - Library
>    Affects Versions: 0.10.0
>            Reporter: Michael Antipin
>            Assignee: Jens Geyer
>
> I'm using TBinaryProtocol and a simple transport that reads from a given byte 
> array.
> C# library contains the following code in TProtocolUtil.Skip(TProtocol prot, 
> TType type):
> {code}
> case TType.List:
>       TList list = prot.ReadListBegin();
>       for (int i = 0; i < list.Count; i++) {
>               Skip(prot, list.ElementType);
>       }
>       prot.ReadListEnd();
>       break;
> {code}
> The type of elements is detected in ReadListBegin(), and, as Skip() does 
> nothing for unknown types, the position in the binary remains the same until 
> the for loop completes. 
> So, when you try to deserialize invalid data, and a field type happens to be 
> detected as TType.List, you may end up waiting for a random period of time 
> until deserialization is completed (734707176 iterations of skipping in my 
> case).
> I suggest throwing an exception immediately when list elements type is 
> unknown. May be, it would be good to have a setting like *FailOnUnknownType*, 
> so that Skip() will throw instead of ignoring.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)