diff options
author | wangyunjian <wangyunjian@huawei.com> | 2020-07-26 21:25:50 +0800 |
---|---|---|
committer | Jens Geyer <jensg@apache.org> | 2020-09-02 08:49:42 +0200 |
commit | 073166f2c4b99b5ab4b425dd2dfc137b00a2e260 (patch) | |
tree | e6e3e48a99ac7bb1146aedb88647285fd9e083f2 | |
parent | 021cb2707086a926ae49dcb9c1b7929472d0daa9 (diff) | |
download | thrift-073166f2c4b99b5ab4b425dd2dfc137b00a2e260.tar.gz |
THRIFT-5255: Fix stack overflow in framed transport
Client: c_glib
Patch: wangyunjian <wangyunjian@huawei.com>
This closes #2206
Signed-off-by: wangyunjian <wangyunjian@huawei.com>
-rw-r--r-- | lib/c_glib/src/thrift/c_glib/transport/thrift_framed_transport.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/lib/c_glib/src/thrift/c_glib/transport/thrift_framed_transport.c b/lib/c_glib/src/thrift/c_glib/transport/thrift_framed_transport.c index 1faf16ecb..f7b819260 100644 --- a/lib/c_glib/src/thrift/c_glib/transport/thrift_framed_transport.c +++ b/lib/c_glib/src/thrift/c_glib/transport/thrift_framed_transport.c @@ -98,7 +98,7 @@ thrift_framed_transport_read_frame (ThriftTransport *transport, sz = ntohl (sz); /* create a buffer to hold the data and read that much data */ - tmpdata = g_alloca (sz); + tmpdata = g_new0 (guchar, sz); bytes = thrift_transport_read (t->transport, tmpdata, sz, error); if (bytes > 0 && (error == NULL || *error == NULL)) @@ -108,6 +108,7 @@ thrift_framed_transport_read_frame (ThriftTransport *transport, result = TRUE; } + g_free (tmpdata); } return result; @@ -249,7 +250,7 @@ thrift_framed_transport_flush (ThriftTransport *transport, GError **error) sz_nbo = (gint32) htonl ((guint32) t->w_buf->len); /* copy the size of the frame and then the frame itself */ - tmpdata = g_alloca (sz_hbo); + tmpdata = g_new0 (guchar, sz_hbo); memcpy (tmpdata, (guint8 *) &sz_nbo, sizeof (sz_nbo)); if (t->w_buf->len > 0) @@ -265,7 +266,7 @@ thrift_framed_transport_flush (ThriftTransport *transport, GError **error) THRIFT_TRANSPORT_GET_CLASS (t->transport)->flush (t->transport, error); - + g_free (tmpdata); return TRUE; } |