[
https://issues.apache.org/jira/browse/THRIFT-3978?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15955144#comment-15955144
]
ASF GitHub Bot commented on THRIFT-3978:
----------------------------------------
Github user jeking3 closed the pull request at:
https://github.com/apache/thrift/pull/1228
> Thrift C++ runtime uses assert to prevent overflows, checks sanity only in
> debug builds
> ---------------------------------------------------------------------------------------
>
> Key: THRIFT-3978
> URL: https://issues.apache.org/jira/browse/THRIFT-3978
> Project: Thrift
> Issue Type: Bug
> Components: C++ - Library
> Affects Versions: 0.10.0
> Environment: All
> Reporter: James E. King, III
> Assignee: James E. King, III
> Labels: security
>
> Currently there is widespread use of assert in the thrift C++ runtime
> library. Some of the more disturbing cases are security related, for example
> checking header sizes. I recommend we eliminate assertions that are only
> checked in debug mode, and instead throw the appropriate exception, usually a
> TTransportException with CORRUPTED_DATA as the reason. If we're going to
> check for an overflow or a buffer overrun, we should do so in debug and
> release modes. Further, assertions are not easily tested whereas exceptions
> are.
> In THRIFT-3873 apache::thrift::transport::safe_numeric_cast was added, so I
> also suggest changing static_cast to safe_numeric_cast where appropriate
> throughout the transport code to catch any overflow errors.
> Another location where assert is used liberally is inside the posix Mutex
> implementation.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
