Status: New
Labels: Type-Defect Priority-Medium

New issue 639 by Protobuf segfaults on attempt to serialize a very large object

What steps will reproduce the problem?
1. attempt to serialize message larger than 2.1 Gb
2. Running on RHEL 5. using gcc 4.1.2.

What is the expected output? What do you see instead?
  Expect serialization to complete. Instead getting a segfault.

What version of the product are you using? On what operating system?
  Checked source code for 2.5.0, which appears to have same issue.

Please provide any additional information below.

problem appears to be in "bool StringOutputStream::Next(void** data, int* size)" implementation.

please see suggested patch in attachment.

Problem occurs when size of serialized object grows above 2.1 Gb (2 ^ 31 bytes). In current implementation there is a signed integer that holds "old size":
  int old_size = target_->size();
  max(old_size * 2,
      kMinimumSize + 0));  // "+ 0" works around GCC4 weirdness.

Thus it is possible that "old_size * 2" becomes negative. And as a result of that "new size" becomes actually less than original one, which eventually leads to segfault (on attempt to access 'old_size' element in reallocated small buffer).

It is a separate question on whether or not it is good design that leads to such large serialized objects, but I don believe that protobuf library code should cause segfault.

This actually brings a related question on signature of following methods:
   bool Next(void** data, int* size)
   void BackUp(int count)
   int Skip(int count)

Should not "size" argument be unsigned?

Attachments:  2.0 KB

You received this message because this project is configured to send all issue notifications to this address.
You may adjust your notification preferences at:

You received this message because you are subscribed to the Google Groups "Protocol 
Buffers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
To post to this group, send email to
Visit this group at
For more options, visit

Reply via email to