THRIFT-5931: c_glib: avoid fixed-size buffers in thrift_ssl_socket_ge…#3355
Merged
Jens-G merged 1 commit into apache:master, Mar 22, 2026
…t_ssl_error()

thrift_ssl_socket_get_ssl_error() still builds SSL error messages in a fixed stack buffer while tracking remaining space with a signed counter that is updated by subtracting snprintf() return values. If the formatted error text is long enough, that counter can underflow and the later writes can walk past the intended buffer boundaries.

Build the error message with GString instead so the helper no longer depends on hand-rolled remaining-space arithmetic.

Signed-off-by: Pengpeng Hou <pengpeng@iscas.ac.cn>
This PR tightens the SSL error formatting path in the C GLib transport.

Current head still uses a fixed local char buffer[1024] plus a remaining-size counter that is updated by subtracting snprintf() return values. That pattern is fragile: once the formatted error text grows enough, the counter can underflow and the next append can compute a write position past the intended stack buffer.

The fix replaces that ad hoc buffer management with GString. That keeps the error message assembly simple, avoids remaining-space underflow, and removes the risk of walking past the fixed buffer while formatting chained SSL errors.

I kept the change isolated to thrift_ssl_socket_get_ssl_error() so the review only has to reason about one helper and its call sites.

Validation performed locally:

git diff --check

Related Jira:
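The pattern that the commit message and the description call fragile, reconstructed as an added example (this is not Thrift's code and does not reproduce thrift_ssl_socket_get_ssl_error()): a signed remaining counter decremented by snprintf() return values, next to a fixed-buffer appender with size_t accounting and an explicit truncation check, and a growable-buffer appender in the spirit of GString. The growable variant is written in plain C without GLib so the example runs stand-alone; every function name and the sample error text below are constructed for illustration. The root cause it shows is that snprintf() returns the length it would have written, not the length it actually wrote, so subtracting that return value from the remaining space drives the counter negative the moment a message is truncated.

```c
/* Added example, not Thrift's code: fragile "remaining -= snprintf()"
 * accounting beside two safe ways to assemble a chained error message. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FIXED_BUF_SIZE 1024

/* Constructed sample text standing in for one OpenSSL error-queue entry
 * (51 characters; not a real OpenSSL error string). */
#define SAMPLE_MSG "constructed ssl error text, not a real OpenSSL code"

/* Fill msgs[0..count) with the constructed sample message. */
void fill_sample(const char **msgs, size_t count)
{
    for (size_t i = 0; i < count; i++)
        msgs[i] = SAMPLE_MSG;
}

/* Mirrors the fragile pattern: a signed counter decremented by whatever
 * snprintf() reports it *wanted* to write.  The loop stops as soon as the
 * counter is no longer positive and returns it, so the underflow is visible
 * without performing the out-of-bounds write the real pattern would do next
 * (it would pass the negative counter, converted to size_t, as the size of
 * the following snprintf()).  A return value <= 0 means "next append unsafe". */
int fragile_remaining_after(const char *const *msgs, size_t count)
{
    char buffer[FIXED_BUF_SIZE];
    int remaining = (int)sizeof buffer;   /* signed, as in the fragile code */
    int offset = 0;
    for (size_t i = 0; i < count && remaining > 0; i++) {
        /* offset + remaining == sizeof buffer holds here, so this call
         * stays in bounds; the damage is what `remaining` becomes after it. */
        int n = snprintf(buffer + offset, (size_t)remaining, "%s; ", msgs[i]);
        if (n < 0)
            return -1;
        offset += n;      /* may now point past the end of buffer */
        remaining -= n;   /* may now be negative */
    }
    return remaining;
}

/* Safe fixed-buffer variant: unsigned accounting and an explicit check that
 * the append fit.  Returns the number of characters stored (excluding the
 * terminating NUL) and sets *truncated when the message did not fit. */
size_t format_chain_fixed(char *out, size_t out_size,
                          const char *const *msgs, size_t count, int *truncated)
{
    size_t used = 0;
    *truncated = 0;
    if (out_size == 0) { *truncated = 1; return 0; }
    out[0] = '\0';
    for (size_t i = 0; i < count; i++) {
        size_t remaining = out_size - used;              /* always >= 1 */
        int n = snprintf(out + used, remaining, "%s; ", msgs[i]);
        if (n < 0) { *truncated = 1; break; }
        if ((size_t)n >= remaining) {                    /* did not fit */
            used = out_size - 1;                         /* NUL sits at out[used] */
            *truncated = 1;
            break;
        }
        used += (size_t)n;
    }
    return used;
}

/* Growable-buffer variant in the spirit of GString (plain C, no GLib).
 * Returns a malloc()ed string the caller frees, or NULL on allocation
 * failure; *len receives its length.  No message is ever truncated. */
char *format_chain_growable(const char *const *msgs, size_t count, size_t *len)
{
    size_t cap = 64, used = 0;
    char *buf = malloc(cap);
    if (!buf) return NULL;
    buf[0] = '\0';
    for (size_t i = 0; i < count; i++) {
        for (;;) {
            int n = snprintf(buf + used, cap - used, "%s; ", msgs[i]);
            if (n < 0) { free(buf); return NULL; }
            if ((size_t)n < cap - used) { used += (size_t)n; break; }
            size_t need = used + (size_t)n + 1;          /* room for NUL */
            size_t ncap = cap * 2 > need ? cap * 2 : need;
            char *tmp = realloc(buf, ncap);
            if (!tmp) { free(buf); return NULL; }
            buf = tmp; cap = ncap;                       /* retry same message */
        }
    }
    *len = used;
    return buf;
}

int main(void)
{
    const char *msgs[60];
    fill_sample(msgs, 60);                               /* 60 * 53 = 3180 bytes wanted */
    printf("fragile counter after the chain: %d\n", fragile_remaining_after(msgs, 60));
    char out[FIXED_BUF_SIZE];
    int truncated;
    size_t n = format_chain_fixed(out, sizeof out, msgs, 60, &truncated);
    printf("fixed buffer: %zu chars, truncated=%d\n", n, truncated);
    size_t len;
    char *s = format_chain_growable(msgs, 60, &len);
    if (s) { printf("growable buffer: %zu chars\n", len); free(s); }
    return 0;
}
```

With the constructed 60-entry chain the fragile counter ends at -36 after the twentieth append (19 appends consume 1007 bytes, the twentieth is truncated but still reports 53), which is exactly the value the next snprintf() would receive as its size once converted to size_t. The fixed-buffer variant stops at 1023 characters and reports truncation; the growable variant returns all 3180.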