THRIFT-6055: Limit recursion depth in JavaME struct/exception read/write#3560
Open
Jens-G wants to merge 1 commit into
Open
THRIFT-6055: Limit recursion depth in JavaME struct/exception read/write#3560Jens-G wants to merge 1 commit into
Jens-G wants to merge 1 commit into
Conversation
Jens-G
force-pushed
the
javame-recursion-depth
branch
from
ba1349e to
307d156
Compare
Jens-G
changed the title
Jens-G
force-pushed
the
javame-recursion-depth
branch
from
307d156 to
982b0ee
Compare
Client: javame Add a recursionDepth_ counter with incrementRecursionDepth() and decrementRecursionDepth() to TProtocol, bounded at 64, plus a DEPTH_LIMIT type on TProtocolException, and update the JavaME generator to bracket each generated struct read/write body with try/finally so the counter is always restored. This bounds the work performed for deeply nested or cyclic structs, which previously had no limit in the generated read()/write() path. Exceptions are generated through the same read/write path, so they are bounded too. Add a generated-code round-trip regression test (lib/javame/test/TestRecursionDepth.java) over the binary and JSON protocols: chains at the limit round-trip, chains one past it (write and read) are rejected with DEPTH_LIMIT, a wide structure confirms the counter is decremented for each sibling, a cyclic graph is rejected, and a recursive exception round-trips at the limit and is rejected one past it on both write and read. The recursive types come from a JavaME-local test/RecursionDepth.thrift rather than the shared test/Recursive.thrift: the shared file also defines a recursive union and a service, and JavaME has no TUnion runtime class, so a generated union does not even compile (javac: "cannot find symbol: class TUnion"). Unions are therefore unsupported in JavaME independently of this change; structs and exceptions are what the guard can and does cover. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Jens-G
force-pushed
the
javame-recursion-depth
branch
from
982b0ee to
82b8dde
Compare
Jens-G
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
THRIFT-6055: Limit recursion depth in the JavaME library
Change
Adds a
recursionDepth_counter (incrementRecursionDepth/decrementRecursionDepth) toTProtocol, bounded at 64, plus aDEPTH_LIMITtype onTProtocolException; the JavaME generator brackets each generated struct read/write body withtry/finally. Previously the generatedread()/write()path had no limit. Exceptions are generated through the same path, so they are bounded too.Test
A generated-code round-trip regression test (
lib/javame/test/TestRecursionDepth.java) over the binary and JSON protocols: chains at the limit round-trip; chains one past it (write and read) are rejected withDEPTH_LIMIT; a wide structure confirms the counter is decremented per sibling; a cyclic graph is rejected; and a recursive exception round-trips at the limit and is rejected one past it on both write and read. The over-limit read payload is hand-serialized through the real recursive field (id 1, typeSTRUCT) so the reader recurses through the guarded path rather than the (unbounded)skip().Note on unions
The recursive types come from a JavaME-local
test/RecursionDepth.thriftrather than the sharedtest/Recursive.thrift. The shared file also defines a recursive union and a service, and JavaME has noTUnionruntime class — a generated union does not even compile (javac: cannot find symbol: class TUnion). Unions are therefore unsupported in JavaME independently of this change; structs and exceptions are what the guard can (and now demonstrably does) cover.JavaME has no build harness/CI; validated locally under OpenJDK 17 (compile
lib/javame/srcminusTHttpClient.java+gen-javame+ the test): 18/18 checks pass.skip()(TProtocolUtil.maxSkipDepth) stays separately unbounded as before.🤖 Generated with Claude Code