Add verification of the length of the protobuf message #6070
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -97,10 +97,19 @@ class ProtobufReader : private boost::noncopyable | |
bool readUInt(UInt64 & value); | ||
template<typename T> bool readFixed(T & value); | ||
bool readStringInto(PaddedPODArray<UInt8> & str); | ||
bool ALWAYS_INLINE maybeCanReadValue() const { return field_end != REACHED_END; } | ||
|
||
bool ALWAYS_INLINE maybeCanReadValue() const | ||
{ | ||
if (field_end == REACHED_END) | ||
return false; | ||
if (cursor < root_message_end) | ||
return true; | ||
|
||
throwUnknownFormat(); | ||
@bopohaa I am not sure if this code is useful because I think there are enough checks for the end of the message in the functions

SimpleReader::read* reads the entire stream without splitting it into separate messages. Therefore, it can read for quite a long time if the messages arrive with sufficient intensity.

Now I understand your point. I agree it's better to detect errors as soon as possible. I've slightly changed your solution because it's faster to only compare
||
} | ||
|
||
private: | ||
void readBinary(void* data, size_t size); | ||
void readBinary(void * data, size_t size); | ||
void ignore(UInt64 num_bytes); | ||
void moveCursorBackward(UInt64 num_bytes); | ||
|
||
|
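Review bot: The comparison cursor < root_message_end in maybeCanReadValue() is strict, so a reader whose cursor sits exactly at root_message_end while field_end is not REACHED_END falls through to throwUnknownFormat(). If a zero-length value can legitimately be the last thing in the root message, that input would be rejected as malformed; either use <= here or add a comment stating why equality can only mean a corrupt length. Separately, a const, ALWAYS_INLINE predicate named maybeCanReadValue() now has a throwing path, which callers will not expect from the name; a one-line comment above the function saying it throws when the cursor has run past the root message would make the contract explicit.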
@@ -119,13 +128,17 @@ class ProtobufReader : private boost::noncopyable | |
void ignoreVarint(); | ||
void ignoreGroup(); | ||
|
||
[[noreturn]] void throwUnknownFormat() const; | ||
|
||
static constexpr UInt64 REACHED_END = 0; | ||
|
||
ReadBuffer & in; | ||
UInt64 cursor; | ||
std::vector<UInt64> parent_message_ends; | ||
UInt64 current_message_end; | ||
UInt64 field_end; | ||
|
||
UInt64 root_message_end; | ||
}; | ||
|
||
class IConverter | ||
|
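Review bot: The new member root_message_end is declared without an initializer or a comment, and nothing in this hunk shows where it is set or reset between messages. Since maybeCanReadValue() now decides between returning true and throwing based on cursor < root_message_end, a stale or unset value makes that bounds check meaningless, and REACHED_END = 0 is itself a valid UInt64 value for this field. Suggest documenting how it relates to current_message_end and parent_message_ends, and making sure it is assigned wherever a new root message starts, alongside current_message_end.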
I don't think we should throw an exception in this case.
A message with all fields set by default doesn't seem to be incorrect.

Fixed in #6132.