Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / packaging / sources / thrift / 42d0b717746a748a50a19e7e7842373488048dc3^! / . / lib / rs / src / transport / framed.rs
commit42d0b717746a748a50a19e7e7842373488048dc3[log] [tgz]
authorHasnain Lakhani <m.hasnain.lakhani@gmail.com>Thu Jul 17 19:57:05 2025 -0700
committerJens Geyer <Jens-G@users.noreply.github.com>Mon Jul 21 23:37:25 2025 +0200
tree2e4d0cec3f30de71fb7e0e3863c016fcc4e94a5d
parent9cff8b9f5b217c143c75299939c32573ccd4c9c3 [diff] [blame]
[THRIFT-5871] Add message / container size checking for Rust

Bring the Rust implementation somewhat up to par with the other implementations.
I tried 4-5 different ways to get the "perfect" check but since trait specialization is not yet stable,
I was not able to arrive at a solution I'm happy with (code was either ugly, or had runtime overhead).

So for now, we avoid full message size tracking / more precise limit checking, but this is a strong step
in the right direction.

diff --git a/lib/rs/src/transport/framed.rs b/lib/rs/src/transport/framed.rs
index d8a7448..cf959be 100644
--- a/lib/rs/src/transport/framed.rs
+++ b/lib/rs/src/transport/framed.rs

@@ -21,6 +21,7 @@
 use std::io::{Read, Write};
 
 use super::{TReadTransport, TReadTransportFactory, TWriteTransport, TWriteTransportFactory};
+use crate::TConfiguration;
 
 /// Default capacity of the read buffer in bytes.
 const READ_CAPACITY: usize = 4096;
@@ -61,6 +62,7 @@
     pos: usize,
     cap: usize,
     chan: C,
+    config: TConfiguration,
 }
 
 impl<C> TFramedReadTransport<C>
@@ -81,6 +83,7 @@
             pos: 0,
             cap: 0,
             chan: channel,
+            config: TConfiguration::default(),
         }
     }
 }
@@ -91,7 +94,28 @@
 {
     fn read(&mut self, b: &mut [u8]) -> io::Result<usize> {
         if self.cap - self.pos == 0 {
-            let message_size = self.chan.read_i32::<BigEndian>()? as usize;
+            let frame_size_bytes = self.chan.read_i32::<BigEndian>()?;
+
+            if frame_size_bytes < 0 {
+                return Err(io::Error::new(
+                    io::ErrorKind::InvalidData,
+                    format!("Negative frame size: {}", frame_size_bytes),
+                ));
+            }
+
+            let message_size = frame_size_bytes as usize;
+
+            if let Some(max_frame) = self.config.max_frame_size() {
+                if message_size > max_frame {
+                    return Err(io::Error::new(
+                        io::ErrorKind::InvalidData,
+                        format!(
+                            "Frame size {} exceeds maximum allowed size of {}",
+                            message_size, max_frame
+                        ),
+                    ));
+                }
+            }
 
             let buf_capacity = cmp::max(message_size, READ_CAPACITY);
             self.buf.resize(buf_capacity, 0);
@@ -125,7 +149,6 @@
         Box::new(TFramedReadTransport::new(channel))
     }
 }
-
 /// Transport that writes framed messages.
 ///
 /// A `TFramedWriteTransport` maintains a fixed-size internal write buffer. All