THRIFT-5255: Fix stack overflow in framed transport
Client: c_glib
Patch: wangyunjian <wangyunjian@huawei.com>
This closes #2206
Signed-off-by: wangyunjian <wangyunjian@huawei.com>
diff --git a/lib/c_glib/src/thrift/c_glib/transport/thrift_framed_transport.c b/lib/c_glib/src/thrift/c_glib/transport/thrift_framed_transport.c
index 1faf16e..f7b8192 100644
--- a/lib/c_glib/src/thrift/c_glib/transport/thrift_framed_transport.c
+++ b/lib/c_glib/src/thrift/c_glib/transport/thrift_framed_transport.c
@@ -98,7 +98,7 @@
sz = ntohl (sz);
/* create a buffer to hold the data and read that much data */
- tmpdata = g_alloca (sz);
+ tmpdata = g_new0 (guchar, sz);
bytes = thrift_transport_read (t->transport, tmpdata, sz, error);
if (bytes > 0 && (error == NULL || *error == NULL))
@@ -108,6 +108,7 @@
result = TRUE;
}
+ g_free (tmpdata);
}
return result;
@@ -249,7 +250,7 @@
sz_nbo = (gint32) htonl ((guint32) t->w_buf->len);
/* copy the size of the frame and then the frame itself */
- tmpdata = g_alloca (sz_hbo);
+ tmpdata = g_new0 (guchar, sz_hbo);
memcpy (tmpdata, (guint8 *) &sz_nbo, sizeof (sz_nbo));
if (t->w_buf->len > 0)
@@ -265,7 +266,7 @@
THRIFT_TRANSPORT_GET_CLASS (t->transport)->flush (t->transport,
error);
-
+ g_free (tmpdata);
return TRUE;
}