stiga-huang opened a new pull request, #2818:
URL: https://github.com/apache/thrift/pull/2818
<!-- Explain the changes in the pull request below: -->
This fixes the overflow in `TMemoryBuffer::ensureCanWrite()` when the
current usage plus the length of new content exceeds the max of uint32_t (e.g.
4GB). The buggy code is
```cpp
const uint32_t current_used = bufferSize_ - avail;
const uint32_t required_buffer_size = len + current_used;
if (required_buffer_size > maxBufferSize_) {
throw TTransportException(...)
}
```
`len + current_used` could exceed the max value of `uint32_t`. We should
define `current_used` as `uint64_t` so the result of the expression is also
`uint64_t`. Changed the type of `required_buffer_size` to `uint64_t` as well.
Added a unit test for this.
<!-- We recommend you review the checklist/tips before submitting a pull
request. -->
- [x] Did you create an [Apache
Jira](https://issues.apache.org/jira/projects/THRIFT/issues/) ticket?
([Request account here](https://selfserve.apache.org/jira-account.html), not
required for trivial changes)
- [x] If a ticket exists: Does your pull request title follow the pattern
"THRIFT-NNNN: describe my issue"?
- [x] Did you squash your changes to a single commit? (not required, but
preferred)
- [x] Did you do your best to avoid breaking changes? If one was needed,
did you label the Jira ticket with "Breaking-Change"?
- [x] If your change does not involve any code, include `[skip ci]` anywhere
in the commit message to free up build resources.
<!--
The Contributing Guide at:
https://github.com/apache/thrift/blob/master/CONTRIBUTING.md
has more details and tips for committing properly.
-->
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@thrift.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
