From: Roger Meier <roger@apache.org>
Date: Tue, 2 Aug 2011 10:55:47 +0000 (+0000)
Subject: THRIFT-1252 Segfault in Ruby deserializer
X-Git-Tag: 0.7.0~17
X-Git-Url: https://source.supwisdom.com/gerrit/gitweb?a=commitdiff_plain;h=472f9e190c982454642e4edeca49b136722b27ef;p=common%2Fthrift.git

THRIFT-1252 Segfault in Ruby deserializer
Patch: Ilya Maykov

git-svn-id: https://svn.apache.org/repos/asf/thrift/trunk@1153093 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/lib/rb/ext/memory_buffer.c b/lib/rb/ext/memory_buffer.c
index 23cd9ebb..bd1bac82 100644
--- a/lib/rb/ext/memory_buffer.c
+++ b/lib/rb/ext/memory_buffer.c
@@ -58,12 +58,12 @@ VALUE rb_thrift_memory_buffer_read(VALUE self, VALUE length_value) {
     rb_ivar_set(self, buf_ivar_id, rb_funcall(buf, slice_method_id, 2, INT2FIX(index), INT2FIX(RSTRING_LEN(buf) - 1)));
     index = 0;
   }
+  rb_ivar_set(self, index_ivar_id, INT2FIX(index));
 
   if (RSTRING_LEN(data) < length) {
     rb_raise(rb_eEOFError, "Not enough bytes remain in memory buffer");
   }
 
-  rb_ivar_set(self, index_ivar_id, INT2FIX(index));
   return data;
 }
 
@@ -76,12 +76,13 @@ VALUE rb_thrift_memory_buffer_read_byte(VALUE self) {
     rb_raise(rb_eEOFError, "Not enough bytes remain in memory buffer");
   }
   char byte = RSTRING_PTR(buf)[index++];
-  rb_ivar_set(self, index_ivar_id, INT2FIX(index));
 
   if (index >= GARBAGE_BUFFER_SIZE) {
     rb_ivar_set(self, buf_ivar_id, rb_funcall(buf, slice_method_id, 2, INT2FIX(index), INT2FIX(RSTRING_LEN(buf) - 1)));
     index = 0;
   }
+  rb_ivar_set(self, index_ivar_id, INT2FIX(index));
+
   int result = (int) byte;
   return INT2FIX(result);
 }
@@ -98,12 +99,12 @@ VALUE rb_thrift_memory_buffer_read_into_buffer(VALUE self, VALUE buffer_value, V
       rb_raise(rb_eEOFError, "Not enough bytes remain in memory buffer");
     }
     char byte = RSTRING_PTR(buf)[index++];
-    rb_ivar_set(self, index_ivar_id, INT2FIX(index));
 
     if (index >= GARBAGE_BUFFER_SIZE) {
       rb_ivar_set(self, buf_ivar_id, rb_funcall(buf, slice_method_id, 2, INT2FIX(index), INT2FIX(RSTRING_LEN(buf) - 1)));
       index = 0;
     }
+    rb_ivar_set(self, index_ivar_id, INT2FIX(index));
 
     if (i >= RSTRING_LEN(buffer_value)) {
       rb_raise(rb_eIndexError, "index %d out of string", i);
diff --git a/lib/rb/lib/thrift/transport/memory_buffer_transport.rb b/lib/rb/lib/thrift/transport/memory_buffer_transport.rb
index 5f740ca7..62c52923 100644
--- a/lib/rb/lib/thrift/transport/memory_buffer_transport.rb
+++ b/lib/rb/lib/thrift/transport/memory_buffer_transport.rb
@@ -92,6 +92,10 @@ module Thrift
         @index += 1
         i += 1
       end
+      if @index >= GARBAGE_BUFFER_SIZE
+        @buf = @buf.slice(@index..-1)
+        @index = 0
+      end
       i
     end