Jens-G opened a new pull request, #3508: URL: https://github.com/apache/thrift/pull/3508
## Summary

- Five `assert()` calls in `TBufferTransports.cpp` guard `memcpy` operations and pointer arithmetic but are compiled out under `-DNDEBUG` (standard production build flag), silently removing the checks in release builds.
- Each is replaced with an unconditional `TTransportException(INTERNAL_ERROR)` throw so a violated invariant is always observable regardless of build flags.
- The now-unused `<cassert>` include is removed.

## Background

These invariants protect against buffer overflow / pointer underflow scenarios that would occur if Thrift's own fast/slow-path dispatch logic ever had a bug (e.g. `readSlow` called when the buffer already satisfies the read, leading to `memcpy` into a too-small destination). While not directly reachable from external input, removing the silent-discard risk is consistent with the principle that checks guarding memory-safety operations must be unconditional.

## Affected checks

| Location | Guard | Risk if violated under NDEBUG |
|---|---|---|
| `TBufferedTransport::readSlow` | `have >= len` | `memcpy` into destination smaller than `have` |
| `TBufferedTransport::writeSlow` (entry) | `space >= len` | `uint32_t` underflow of `len -= space` → huge subsequent `memcpy` |
| `TBufferedTransport::writeSlow` (tail) | `len >= wBufSize_` | `memcpy` past end of write buffer |
| `TFramedTransport::readSlow` | `have >= want` | `memcpy` into destination smaller than `have` |
| `TFramedTransport::flush` | `wBufSize_ <= sizeof(sz_nbo)` | Frame size calculation underflow |

## Test plan

- [ ] All existing C++ unit tests pass (no behaviour change on non-buggy code paths)
- [ ] `make style` passes

🤖 Generated with [Claude Code](https://claude.ai/claude-code)

Co-Authored-By: Claude Sonnet 4.6 <[email protected]>
Generated-by: Claude Sonnet 4.6 <[email protected]>
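The silent-discard problem the PR describes, as an added example that is not Thrift's code: a simplified `readSlow` whose `have < len` invariant is guarded either by `assert()` or by an unconditional throw, compiled with `NDEBUG` defined in-file to emulate a release build. `TransportError` is an assumed stand-in for Thrift's `TTransportException(INTERNAL_ERROR)`, and the copy is clamped so the demonstration itself stays memory-safe.

```cpp
// Added example (not Thrift's code). It reproduces the PR's concern on a
// simplified readSlow: an assert() guarding the copy vanishes under -DNDEBUG,
// while an unconditional throw keeps the violated invariant observable.
// TransportError stands in for Thrift's TTransportException(INTERNAL_ERROR).
#define NDEBUG        // emulate a release build; must precede <cassert>
#include <cassert>
#include <cstdint>
#include <cstring>
#include <stdexcept>
#include <vector>

struct TransportError : std::runtime_error {
    using std::runtime_error::runtime_error;
};

enum class Guard { AssertOnly, Throw };

// `have` bytes are already buffered in rBuf. The slow path is only legal when
// the buffer cannot satisfy the request (have < len); if a dispatch bug calls
// it with have >= len, the production memcpy(dst, rBuf, have) would overrun a
// `len`-byte dst. Returns the byte count the unguarded path would have copied.
uint32_t readSlow(const std::vector<uint8_t>& rBuf, uint8_t* dst,
                  uint32_t len, Guard guard) {
    uint32_t have = static_cast<uint32_t>(rBuf.size());
    if (guard == Guard::AssertOnly) {
        assert(have < len);          // NDEBUG: expands to nothing at all
    } else if (have >= len) {        // survives every build configuration
        throw TransportError("readSlow: buffer already satisfies request");
    }
    // Clamp the copy so this demo stays free of undefined behaviour; the
    // returned value still shows what the real code would have written.
    std::memcpy(dst, rBuf.data(), have < len ? have : len);
    return have;
}

// True if the chosen guard actually stops a call that violates the invariant.
bool guardCatchesBadCall(Guard guard) {
    std::vector<uint8_t> rBuf(8, 0xAB);   // constructed: 8 bytes buffered
    uint8_t dst[4];                       // caller asked for only 4
    try {
        readSlow(rBuf, dst, sizeof dst, guard);
        return false;                     // bad call slipped through silently
    } catch (const TransportError&) {
        return true;
    }
}

#undef NDEBUG
#include <cassert>   // re-arm assert() for any code that follows this block
```

With `NDEBUG` in effect the assert-only variant returns 8 for a 4-byte destination without complaint, which is exactly the condition the PR makes unconditional.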
