Thrift
  1. Thrift
  2. THRIFT-1365

TupleProtocol#writeBitSet unintentionally writes a variable length byte array

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.8
    • Labels:
      None

      Description

      BitSet.length() only returns the highest-set-bit, meaning that if you have more than 8 optional fields, and the 9+th optional field is unset, then only the first byte's worth of bits will be serialized. This leads to a problem on the read side, where the bit vector is assumed to be fixed width, and arbitrary deserialization occurs.

      1. thrift-1365.patch
        4 kB
        Bryan Duxbury

        Activity

        Bryan Duxbury created issue -
        Bryan Duxbury made changes -
        Field Original Value New Value
        Attachment thrift-1365.patch [ 12496565 ]
        Bryan Duxbury made changes -
        Status Open [ 1 ] Closed [ 6 ]
        Resolution Fixed [ 1 ]

          People

          • Assignee:
            Bryan Duxbury
            Reporter:
            Bryan Duxbury
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development