THRIFT-6047: Limit struct read/write recursion depth in PHP library#3552
THRIFT-6047: Limit struct read/write recursion depth in PHP library#3552Jens-G wants to merge 1 commit into
Conversation
Client: php Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
sveneld
left a comment
sveneld
left a comment
There was a problem hiding this comment.
Functionally solid — see two style nits inline. Will follow up on the binary_inline / integration-test items separately.
| $fid = 0; | ||
| $input->incrementRecursionDepth(); | ||
| try { | ||
| $xfer += $input->readStructBegin($fname); |
There was a problem hiding this comment.
Style: the try { ... } block body isn't indented relative to the surrounding code, so the body sits at the same column as try { itself. PSR-12 expects the body to be one level deeper. The same shape is in writeStruct below. CI is green only because phpcs doesn't enforce Generic.WhiteSpace.ScopeIndent for this rule, but visually it reads as if the try had no body. Suggest:
| $xfer += $input->readStructBegin($fname); | |
| $input->incrementRecursionDepth(); | |
| try { | |
| $xfer += $input->readStructBegin($fname); |
…and reindent the matched closing brace + every line in between.
| $xfer = 0; | ||
| $output->incrementRecursionDepth(); | ||
| try { | ||
| $xfer += $output->writeStructBegin($class); |
There was a problem hiding this comment.
Same indent issue as in readStruct — body of try { is one level shallower than it should be.
| } | ||
|
|
||
| public function testIncrementRecursionDepthThrowsAtLimit(): void | ||
| { |
There was a problem hiding this comment.
Nit: PHPUnit canonical way to express “the code under test must not throw and has no value to assert on” is $this->expectNotToPerformAssertions(); at the top of the test, rather than a trailing assertTrue(true). Same for testDecrementRecursionDepthRestoresCapacity below.
| } | ||
|
|
||
| private function buildBinaryBuffer(callable $writer): string | ||
| { |
There was a problem hiding this comment.
Same nit — prefer $this->expectNotToPerformAssertions(); over assertTrue(true).
2 participants
Summary
incrementRecursionDepth()/decrementRecursionDepth()toTProtocolTProtocolException(DEPTH_LIMIT)when exceededTBase::read/TBase::writewrap withtry/finallyto guarantee counter restorationTest plan
lib/php/test/Unit/Lib/Protocol/TProtocolTest.phpcovers allow/reject/restore🤖 Generated with Claude Code
Co-Authored-By: Claude Sonnet 4.6 noreply@anthropic.com