commit 472f9e190c982454642e4edeca49b136722b27ef
author Roger Meier <roger@apache.org> Tue Aug 02 10:55:47 2011 +0000
committer Roger Meier <roger@apache.org> Tue Aug 02 10:55:47 2011 +0000
tree bb5594f70acb78752f5a9ad0695b8ea58f23e058
parent bb267d48e0934d486e4276d90326e385495cc2ec

THRIFT-1252 Segfault in Ruby deserializer
Patch: Ilya Maykov

git-svn-id: https://svn.apache.org/repos/asf/thrift/trunk@1153093 13f79535-47bb-0310-9956-ffa450edef68

lib/rb/ext/memory_buffer.c

diff --git a/lib/rb/ext/memory_buffer.c b/lib/rb/ext/memory_buffer.c
index 23cd9eb..bd1bac8 100644
--- a/lib/rb/ext/memory_buffer.c
+++ b/lib/rb/ext/memory_buffer.c
@@ -58,12 +58,12 @@
     rb_ivar_set(self, buf_ivar_id, rb_funcall(buf, slice_method_id, 2, INT2FIX(index), INT2FIX(RSTRING_LEN(buf) - 1)));
     index = 0;
   }
+  rb_ivar_set(self, index_ivar_id, INT2FIX(index));
 
   if (RSTRING_LEN(data) < length) {
     rb_raise(rb_eEOFError, "Not enough bytes remain in memory buffer");
   }
 
-  rb_ivar_set(self, index_ivar_id, INT2FIX(index));
   return data;
 }
 
@@ -76,12 +76,13 @@
     rb_raise(rb_eEOFError, "Not enough bytes remain in memory buffer");
   }
   char byte = RSTRING_PTR(buf)[index++];
-  rb_ivar_set(self, index_ivar_id, INT2FIX(index));
 
   if (index >= GARBAGE_BUFFER_SIZE) {
     rb_ivar_set(self, buf_ivar_id, rb_funcall(buf, slice_method_id, 2, INT2FIX(index), INT2FIX(RSTRING_LEN(buf) - 1)));
     index = 0;
   }
+  rb_ivar_set(self, index_ivar_id, INT2FIX(index));
+
   int result = (int) byte;
   return INT2FIX(result);
 }
@@ -98,12 +99,12 @@
       rb_raise(rb_eEOFError, "Not enough bytes remain in memory buffer");
     }
     char byte = RSTRING_PTR(buf)[index++];
-    rb_ivar_set(self, index_ivar_id, INT2FIX(index));
 
     if (index >= GARBAGE_BUFFER_SIZE) {
       rb_ivar_set(self, buf_ivar_id, rb_funcall(buf, slice_method_id, 2, INT2FIX(index), INT2FIX(RSTRING_LEN(buf) - 1)));
       index = 0;
     }
+    rb_ivar_set(self, index_ivar_id, INT2FIX(index));
 
     if (i >= RSTRING_LEN(buffer_value)) {
       rb_raise(rb_eIndexError, "index %d out of string", i);

lib/rb/lib/thrift/transport/memory_buffer_transport.rb

diff --git a/lib/rb/lib/thrift/transport/memory_buffer_transport.rb b/lib/rb/lib/thrift/transport/memory_buffer_transport.rb
index 5f740ca..62c5292 100644
--- a/lib/rb/lib/thrift/transport/memory_buffer_transport.rb
+++ b/lib/rb/lib/thrift/transport/memory_buffer_transport.rb
@@ -92,6 +92,10 @@
         @index += 1
         i += 1
       end
+      if @index >= GARBAGE_BUFFER_SIZE
+        @buf = @buf.slice(@index..-1)
+        @index = 0
+      end
       i
     end