[
https://issues.apache.org/jira/browse/THRIFT-601?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12763524#action_12763524
]
Jonathan Ellis commented on THRIFT-601:
---------------------------------------
"Thrift is meant for for RPC between cooperating applications" is true but
meaningless. It's easy to achieve the same result through human error (e.g.
sufficiently incompatible protocols for the "same" service, or connecting to
the wrong port on a machine running two thrift services, or ...). This is
about being un-fragile, not protecting against malice.
> sending random data crashes thrift service
> ------------------------------------------
>
> Key: THRIFT-601
> URL: https://issues.apache.org/jira/browse/THRIFT-601
> Project: Thrift
> Issue Type: Bug
> Components: Library (Java)
> Reporter: Eric Evans
>
> Sending random data to a Java thrift service causes it to crash with extreme
> prejudice.
> dd if=/dev/urandom count=1 | nc $host 9160
> ... produces ...
> java.lang.OutOfMemoryError: Java heap space
> at
> org.apache.thrift.protocol.TBinaryProtocol.readStringBody(TBinaryProtocol.java:296)
> at
> org.apache.thrift.protocol.TBinaryProtocol.readMessageBegin(TBinaryProtocol.java:203)
> at
> org.apache.cassandra.service.Cassandra$Processor.process(Cassandra.java:615)
> at
> org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:253)
> at
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
> at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
> at java.lang.Thread.run(Thread.java:636)
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
