Details
Bug
Status: Closed
Major
Resolution: Fixed
0.9
None
Patch Available
Description
I am seeing an issue where we are creating a Buffer larger than 1GB, so v8 crashes with a fatal exception:
FATAL ERROR: v8::Object::SetIndexedPropertiesToExternalArrayData() length exceeds max acceptable value.
I believe this is due to the fact that we don't actually copy the residual data into the data buffer before reading it, so when we go to create the new frame buffer, we are using the result of binary.readI32(data, 0). Because the residual data isn't there, we create an overly large int and cause the crash.
I'm seeing this bug in node-thrift 0.9.0, but the bug seems like it would still exist in the latest version. I'm also using node 0.6.17.
This looks like it could be related to https://issues.apache.org/jira/browse/THRIFT-1754, but I haven't looked into that too much.
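The failure mode described in this report, as an added example (not code from the reporter or from node-thrift): a framed-stream decoder that prepends leftover bytes before reading the 4-byte length prefix and rejects lengths above a cap. `FrameDecoder`, `MAX_FRAME_BYTES`, `frame` and `demo` are hypothetical names, the cap value is an assumption, and the input is constructed.

```javascript
// Added example, not node-thrift's implementation. All names are hypothetical.
const MAX_FRAME_BYTES = 16 * 1024 * 1024; // assumed cap; size it to the largest real message

class FrameDecoder {
  constructor(maxFrame = MAX_FRAME_BYTES) {
    this.residual = Buffer.alloc(0); // bytes left over from earlier chunks
    this.maxFrame = maxFrame;
  }

  // Feed one socket chunk; returns the complete frame payloads found so far.
  push(chunk) {
    // Prepend the leftover bytes BEFORE the length prefix is read.
    let data = Buffer.concat([this.residual, chunk]);
    const frames = [];
    while (data.length >= 4) {
      const len = data.readInt32BE(0);
      // Never allocate from an unchecked, peer-controlled length.
      if (len < 0 || len > this.maxFrame) {
        this.residual = Buffer.alloc(0);
        throw new RangeError(`frame length ${len} outside 0..${this.maxFrame}`);
      }
      if (data.length < 4 + len) break; // frame incomplete, wait for more bytes
      frames.push(data.subarray(4, 4 + len));
      data = data.subarray(4 + len);
    }
    this.residual = Buffer.from(data); // copy so the large chunk is not kept alive
    return frames;
  }
}

// Build a length-prefixed frame (constructed test input).
function frame(payload) {
  const head = Buffer.alloc(4);
  head.writeInt32BE(payload.length, 0);
  return Buffer.concat([head, Buffer.from(payload)]);
}

function demo() {
  const wire = frame('hello');
  const first = wire.subarray(0, 2); // 00 00: half of the length prefix
  const second = wire.subarray(2);   // 00 05 'h' 'e' 'l' 'l' 'o'
  // Reading the prefix from the second chunk alone mixes header and payload bytes.
  const misread = second.readInt32BE(0);
  const dec = new FrameDecoder();
  const out = [...dec.push(first), ...dec.push(second)];
  return { misread, payloads: out.map((b) => b.toString()) };
}
```

With a split header the misread length here is only a few hundred kilobytes; when payload bytes with high values land in the prefix position, the same misread yields a length of a gigabyte or more, which is why the cap is checked before any allocation.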