Jens Geyer created THRIFT-5974:
----------------------------------
Summary: TJSONProtocol::readByte() asserts instead of throwing on
out-of-range value
Key: THRIFT-5974
URL: https://issues.apache.org/jira/browse/THRIFT-5974
Project: Thrift
Issue Type: Bug
Components: C++ - Library
Reporter: Jens Geyer
Assignee: Hasnain Lakhani
Fix For: 0.23.0
`TJSONProtocol::readByte()` used `assert(tmp < 256)` to validate the parsed
JSON integer against the expected byte range. In builds compiled with
assertions enabled (debug builds, fuzzing compiler modes), parsing an
out-of-range value causes the process to abort rather than raising a
recoverable protocol error.
The assertion was also incorrect: it checked `tmp < 256` but `tmp` is an
`int16_t`, so negative values (< -128) were accepted without error.
*Fix:* replaced the assertion with an explicit range check
(`tmp > 127 || tmp < -128`) and a thrown
`TProtocolException(INVALID_DATA, ...)`, consistent with how other
out-of-range conditions are handled in the JSON protocol reader.
A regression test was added to `lib/cpp/test/JSONProtoTest.cpp`.
Reported by Hasnain Lakhani. Fixed in commit b0252a9b4.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
