[
https://issues.apache.org/jira/browse/THRIFT-5369?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17309424#comment-17309424
]
Yuxuan Wang commented on THRIFT-5369:
-------------------------------------
[~jensg] strings and binary are already limited in
https://github.com/apache/thrift/pull/2296 (by MaxMessageSize).
We can also just limit container size by MaxMessageSize. The problem with that
is MaxMessageSize [defaults to
100M|https://github.com/apache/thrift/blob/b87873222a509f5c6ba07e9d7c78d7b20909f805/lib/go/thrift/configuration.go#L30].
> Malformed payload can still cause huge allocations
> --------------------------------------------------
>
> Key: THRIFT-5369
> URL: https://issues.apache.org/jira/browse/THRIFT-5369
> Project: Thrift
> Issue Type: Bug
> Components: Go - Compiler, Go - Library
> Affects Versions: 0.14.1
> Reporter: Juraci Paixão Kröhling
> Assignee: Yuxuan Wang
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> While testing Jaeger with the fix provided as part of THRIFT-5322, users in
> our community reported that they are still seeing huge allocations when
> malformed packets are received by our backend (jaeger-agent). See the
> [discussion starting from this comment by vchirikov on Mar
> 5|https://github.com/jaegertracing/jaeger/issues/2638#issuecomment-791242270].
>
> Based on the comment from [~fishywang] in the issue linked above, I
> understand that the issue should be addressed at both the compiler and the Go
> library:
> bq. The sanity check on container header should be done in thrift go library
> (github.com/apache/thrift/lib/go/thrift)
> bq.
> bq. If you want to avoid allocation of the containers upfront after it passed
> the header sanity check, then that needs to be don in thrift compiler (in
> generated go code)
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
