[THRIFT-1328] TBaseHelper.toString(...) appends ByteBuffer data outside of valid buffer range - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 0.5
Fix Version/s: 0.8
Component/s: Java - Library
Labels:
None
Environment:

Java 1.6, Mac OSX 10.6.8 64-bit

Patch Info:

Patch Available

Description

I have a Thrift struct T which declares a binary field f3 after two other fields f1 and f2. After successful deserialization of a T instance, f3 references a ByteBuffer which wraps the raw byte[] containing all T instance data and has position and limit set to scope reads to valid f3 bytes. This is great because it means less copying of raw byte[] data.

However, TBaseHelper.toString(ByteBuffer bb, StringBuilder sb) uses Buffer.array() and Buffer.arrayOffset() to read f3 data, causing it to append bytes to sb which lie outside f3's valid range in the backing byte[].

It seems like this logic is also present in latest version of TBaseHelper: http://svn.apache.org/viewvc/thrift/trunk/lib/java/src/org/apache/thrift/TBaseHelper.java?revision=1038833&view=markup#l223

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

fix-bytebuffer-access.patch
07/Sep/11 06:20
2 kB
Andy Schlaikjer
fix-bytebuffer-access-02.patch
07/Sep/11 18:04
2 kB
Andy Schlaikjer

Activity

People

Assignee:: Andy Schlaikjer

Reporter:: Andy Schlaikjer

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 07/Sep/11 00:46

Updated:: 07/Sep/11 18:48

Resolved:: 07/Sep/11 18:13