Please sign in to comment.
[Security] HHVM Accelerated Thrift: Protect against infinte loop in d…
…eserialization Summary: As reported in T22402076, a maliciously crafted serialized message can trigger an infinite loop in the deserialization code of HHVM accelerated Thrift. The cause of the bug if an overflow of the computed capacity which never exit the loop. `while (Capacity(scale) < n) scale *= 2;` The added check is (I believe) negligle in performance as the branch will almost always be correctly predicted. Reviewed By: alexeyt Differential Revision: D6684202 fbshipit-source-id: ef5b72a67bbec9f6bda5db4b0bb5f3c7793bc5dd
- Loading branch information...
Showing with 4 additions and 1 deletion.