[ https://issues.apache.org/jira/browse/THRIFT-4624?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16613869#comment-16613869 ]

ASF GitHub Bot commented on THRIFT-4624:
----------------------------------------

k32 commented on issue #1585: THRIFT-4624: Fix refc binary leak
URL: https://github.com/apache/thrift/pull/1585#issuecomment-421101392
 
 
   I found these errors via code review, while evaluating this library and 
doing some rapid prototyping. I'm not using Thrift in production. However, I 
would recommend merging at least the part changing list_to_atom to 
list_to_existing_atom, because (if it wasn't obvious) it fixes a pretty bad DoS 
vulnerability, allowing an attacker to take down the entire Erlang VM by filling 
up the atom table.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Refc binary leak in binary and compact protocols
> ------------------------------------------------
>
>                 Key: THRIFT-4624
>                 URL: https://issues.apache.org/jira/browse/THRIFT-4624
>             Project: Thrift
>          Issue Type: Improvement
>          Components: Erlang - Library
>            Reporter: something
>            Priority: Major
>
> Pattern-matching on large (>64B) Erlang binaries merely produces slices of 
> objects on the Refc heap. Therefore Thrift binary and compact protocols 
> should clone all binaries they send to upper levels, otherwise there's a 
> chance that transport-level messages will never be freed.
> Patch is underway.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
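
The two fixes discussed in this thread, shown as an added Erlang illustration that is not part of the original message or of Thrift's code. The module name, the function names and the frame layout (4-byte length prefix followed by the field) are assumptions made for the example.

```erlang
%% Added illustration; module, functions and frame layout are hypothetical.
-module(atom_refc_demo).
-export([name_unsafe/1, name_safe/1, field_leaky/1, field_copied/1, demo/0]).

%% Weak form: every distinct string received from a peer becomes a new atom.
%% Atoms are never garbage collected, and the VM aborts once the atom
%% table (1,048,576 entries by default) is full.
name_unsafe(Name) when is_list(Name) ->
    list_to_atom(Name).

%% Hardened form: only names that already exist as atoms are accepted;
%% anything else is rejected without growing the atom table.
name_safe(Name) when is_list(Name) ->
    try
        {ok, list_to_existing_atom(Name)}
    catch
        error:badarg -> {error, unknown_name}
    end.

%% Leaky form: the matched field is a sub-binary that still references
%% the whole transport frame on the refc heap.
field_leaky(<<Len:32/big, Field:Len/binary, _Rest/binary>>) ->
    Field.

%% Hardened form: binary:copy/1 detaches the field, so the frame can be
%% freed as soon as the decoder drops its own reference.
field_copied(<<Len:32/big, Field:Len/binary, _Rest/binary>>) ->
    binary:copy(Field).

demo() ->
    Before = erlang:system_info(atom_count),
    Unknown = name_safe("constructed_unknown_field_name"),
    Known = name_safe("ok"),
    After = erlang:system_info(atom_count),
    %% Constructed frame: length prefix, 100-byte field, 1 MiB of padding.
    Field = binary:copy(<<"x">>, 100),
    Pad = binary:copy(<<0>>, 1024 * 1024),
    Frame = <<100:32/big, Field/binary, Pad/binary>>,
    %% referenced_byte_size/1 reports how many bytes each result keeps alive.
    #{unknown => Unknown,
      known => Known,
      atoms_added => After - Before,
      leaky_keeps => binary:referenced_byte_size(field_leaky(Frame)),
      copied_keeps => binary:referenced_byte_size(field_copied(Frame))}.
```

Comparing `leaky_keeps` with `copied_keeps` in the returned map shows how much of the frame each decoded field pins in memory.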
