cf-natali commented on issue #356: libprocess: check protobuf (de)serialisation success. URL: https://github.com/apache/mesos/pull/356#issuecomment-610643627 > This will only return false for the message being too large? Where do you see out of memory being handled? Agreed. I *thought* it would handle it, but it looks like it just lets `std::bad_alloc` propagate. > It also looks like invalid UTF-8 does not fail serialization, but rather only logs an error for "proto3" always and logs an error in debug mode for "proto2", see [this example of a proto3 message](https://github.com/protocolbuffers/protobuf/blob/v3.11.4/src/google/protobuf/any.pb.cc#L214). Indeed, it's a bit of a mess. Basically what happened in our case is that the framework re-serialises a subset of the messages received from the master into an event log, but uses proto3 - so serialisation would work, but then deserialising this would fail... It's a bit sad that with proto3 serialising invalid uft8 doesn't fail but deserialising fails, it's contrary to Postel's principle :). > I'm a little puzzled at how you saw the logging, is your libprotobuf using debug mode? Interesting - we actually build our own libprotobuf - I'll ask our IT to double-check. > **Serialization of invalid UTF-8**: > > * "proto3": serialization will succeed but invalid UTF-8 will be logged. > > * "proto2": serialization will succeed. Invalid UTF-8 will only be logged in debug mode (NDEBUG not defined). > > > **De-serialization of invalid UTF-8**: > > * "proto3": de-serialization will fail and it will be logged. > > * "proto2": de-serialization will succeed. Invalid UTF-8 will only be logged in debug mode (NDEBUG not defined). Yes, it also matches my testing.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
