Thrift-1451:FramedTransport: Prevent infinite loop when writing Client: cpp Patch: Dave Watson Invoked test client with a big enough query to trigger the resize code. git-svn-id: https://svn.apache.org/repos/asf/thrift/trunk@1211737 13f79535-47bb-0310-9956-ffa450edef68

commit: f05e1486e4b213842d362f8be62cd0352f29fbe3 [log] [tgz]
author: Jake Farrell <jfarrell@apache.org> Thu Dec 08 02:08:38 2011 +0000
committer: Jake Farrell <jfarrell@apache.org> Thu Dec 08 02:08:38 2011 +0000
tree: 0f32010f36e35002dabaf748ed51452582620801
parent: 23bf35daa32231ca00b8a12d91f503f3f8ebf1f7 [diff]
diff --git a/lib/cpp/src/transport/TBufferTransports.cpp b/lib/cpp/src/transport/TBufferTransports.cpp
index 52920c2..197a7ab 100644
--- a/lib/cpp/src/transport/TBufferTransports.cpp
+++ b/lib/cpp/src/transport/TBufferTransports.cpp

@@ -211,6 +211,10 @@
   // Double buffer size until sufficient.
   uint32_t have = wBase_ - wBuf_.get();
   uint32_t new_size = wBufSize_;
+  if (len + have < have /* overflow */ || len + have > 0x7fffffff) {
+    throw TTransportException(TTransportException::BAD_ARGS,
+        "Attempted to write over 2 GB to TFramedTransport.");
+  }
   while (new_size < len + have) {
     new_size = new_size > 0 ? new_size * 2 : 1;
   }
commit	f05e1486e4b213842d362f8be62cd0352f29fbe3	[log] [tgz]
author	Jake Farrell <jfarrell@apache.org>	Thu Dec 08 02:08:38 2011 +0000
committer	Jake Farrell <jfarrell@apache.org>	Thu Dec 08 02:08:38 2011 +0000
tree	0f32010f36e35002dabaf748ed51452582620801
parent	23bf35daa32231ca00b8a12d91f503f3f8ebf1f7 [diff]