Uploaded image for project: 'Thrift'
  1. Thrift
  2. THRIFT-1654

c_glib thrift_socket_read() returns corrupted data

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Duplicate
    • 0.7, 0.8
    • 0.9
    • C glib - Library
    • None
    • Linux

    Description

      In Thrift source code there is a file lib/c_glib/src/transport/thrift_socket.c. In this file there is a function thrift_socket_read():
      ------------------------------------------------------
      ...
      /* implements thrift_transport_read */
      gint32
      thrift_socket_read (ThriftTransport *transport, gpointer buf,
      guint32 len, GError **error)
      {
      gint ret = 0;
      guint got = 0;

      ThriftSocket *socket = THRIFT_SOCKET (transport);

      while (got < len)
      {
      ret = recv (socket->sd, buf, len, 0); <====== In each while-loop iteration data are written from the beginning of buffer. Previously collected data are overwritten. This eventually leads to a corrupted frame in Thrift framed ransport and causes crash. To fix, replace 'buf' with 'buf + got', 'len' with 'len-got'.

      if (ret < 0)

      { g_set_error (error, THRIFT_TRANSPORT_ERROR, THRIFT_TRANSPORT_ERROR_RECEIVE, "failed to read %d bytes - %s", len, strerror(errno)); return -1; }

      got += ret;
      }

      return got;
      }
      ...
      ------------------------------------------------------

      At time of writing this bug is in Thrift 0.7, 0.8 and in trunk.

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              andris Andris Mednis
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: