[ https://issues.apache.org/jira/browse/THRIFT-4624?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16613869#comment-16613869 ]
ASF GitHub Bot commented on THRIFT-4624:
----------------------------------------

k32 commented on issue #1585: THRIFT-4624: Fix refc binary leak
URL: https://github.com/apache/thrift/pull/1585#issuecomment-421101392

I found these errors via code review, while evaluating this library and doing some rapid prototyping. I'm not using Thrift in production. However, I would recommend merging at least the part changing list_to_atom to list_to_existing_atom, because (if it wasn't obvious) it fixes a pretty bad DoS vulnerability, allowing an attacker to take down the entire Erlang VM by filling up the atom table.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

> Refc binary leak in binary and compact protocols
> ------------------------------------------------
>
> Key: THRIFT-4624
> URL: https://issues.apache.org/jira/browse/THRIFT-4624
> Project: Thrift
> Issue Type: Improvement
> Components: Erlang - Library
> Reporter: something
> Priority: Major
>
> Pattern-matching on large (>64B) Erlang binaries merely produces slices of
> objects on the Refc heap. Therefore Thrift binary and compact protocols
> should clone all binaries they send to upper levels, otherwise there's a
> chance that transport-level messages will never be freed.
> Patch is underway.

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
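
The two fixes discussed in this message, as an added Erlang example that is not code from the Thrift library or from PR #1585. The module name, function names and sample buffer are hypothetical and constructed for illustration; the length-prefixed framing is an assumption, not Thrift's wire format.

```erlang
-module(thrift_hardening_example).
-export([safe_atom/1, field_payload/1, demo/0]).

%% Hypothetical helper: map a wire-supplied name to an atom without ever
%% creating a new one. list_to_existing_atom/1 raises badarg for names the
%% VM has not seen, so untrusted input cannot grow the atom table.
-spec safe_atom(string()) -> {ok, atom()} | {error, unknown_name}.
safe_atom(Name) when is_list(Name) ->
    try
        {ok, list_to_existing_atom(Name)}
    catch
        error:badarg -> {error, unknown_name}
    end.

%% Hypothetical helper: split one length-prefixed field off a transport
%% buffer. The matched Payload is a sub-binary that references the whole
%% buffer; binary:copy/1 returns a fresh binary holding only the field.
%% Rest deliberately stays a slice, since it is the remaining buffer.
-spec field_payload(binary()) ->
          {ok, binary(), binary()} | {error, truncated}.
field_payload(<<Len:32/big, Payload:Len/binary, Rest/binary>>) ->
    {ok, binary:copy(Payload), Rest};
field_payload(_) ->
    {error, truncated}.

%% Constructed sample: a transport buffer of about 1 MiB that carries a
%% single 100-byte field, compared as a plain slice and as a copy.
demo() ->
    Field = binary:copy(<<"x">>, 100),
    Padding = binary:copy(<<0>>, 1024 * 1024),
    Buffer = <<100:32/big, Field/binary, Padding/binary>>,
    <<_:32, Slice:100/binary, _/binary>> = Buffer,
    {ok, Copy, _Rest} = field_payload(Buffer),
    #{slice_keeps_alive => binary:referenced_byte_size(Slice),
      copy_keeps_alive => binary:referenced_byte_size(Copy),
      known_name => safe_atom("ok"),
      unknown_name => safe_atom("constructed_unseen_name_4624")}.
```

Calling `thrift_hardening_example:demo()` in a shell returns a map in which `slice_keeps_alive` reports the size of the whole transport buffer that the slice pins, while `copy_keeps_alive` reports only the field itself.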