Skip to content

fix off-by-ten header bounds check in readHeaderFormat#3597

Open
dxbjavid wants to merge 2 commits into
apache:masterfrom
dxbjavid:header-bounds-check
Open

fix off-by-ten header bounds check in readHeaderFormat#3597
dxbjavid wants to merge 2 commits into
apache:masterfrom
dxbjavid:header-bounds-check

Conversation

@dxbjavid

@dxbjavid dxbjavid commented Jun 13, 2026

Copy link
Copy Markdown
Contributor

readHeaderFormat checks the declared header size against the whole frame size, but the parse pointer has already moved past the 10-byte common header before that check, so a header size landing in the last 10 bytes of the frame leaves the header boundary pointing up to 10 bytes beyond the receive buffer. The varint and string readers only stop at that boundary, so a malformed THeader frame makes them read past the end of the buffer. Comparing the header section against the remaining sz - 10 bytes keeps the boundary inside the allocation, and the added test drives the read path with such a frame.

  • Did you create an Apache Jira ticket? (Request account here, not required for trivial changes)
  • If a ticket exists: Does your pull request title follow the pattern "THRIFT-NNNN: describe my issue"?
  • Did you squash your changes to a single commit? (not required, but preferred)
  • Did you do your best to avoid breaking changes? If one was needed, did you label the Jira ticket with "Breaking-Change"?
  • If your change does not involve any code, include [skip ci] anywhere in the commit message to free up build resources.

@mergeable mergeable Bot added the c++ Pull requests that update C++ code label Jun 13, 2026
@Jens-G @claude
link UnitTests against libthriftz to resolve THeaderTransport vtable
28b7cb6 
THeaderTransport.cpp is compiled into libthriftz, not libthrift.
Without this link, the new THeaderTransport test case produces an
undefined reference to the vtable at link time.

Client: cpp

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@mergeable mergeable Bot added the build and general CI cmake, automake and build system changes label Jun 15, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@emmenlau emmenlau Awaiting requested review from emmenlau emmenlau is a code owner

@mhlakhani mhlakhani Awaiting requested review from mhlakhani mhlakhani is a code owner

Assignees

No one assigned

Labels

build and general CI cmake, automake and build system changes c++ Pull requests that update C++ code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dxbjavid @Jens-G