From 4e1cd5c937c688835ce4af120297a0677ef624c2 Mon Sep 17 00:00:00 2001
From: dxbjavid <dxbjavid@gmail.com>
Date: Tue, 23 Jun 2026 19:59:07 +0530
Subject: [PATCH] enforce stringLengthLimit in TCompactProtocol.readBinary

---
 .../apache/thrift/protocol/TCompactProtocol.java   |  2 +-
 .../thrift/protocol/TestMessageSizeLimits.java     | 14 ++++++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/lib/java/src/main/java/org/apache/thrift/protocol/TCompactProtocol.java b/lib/java/src/main/java/org/apache/thrift/protocol/TCompactProtocol.java
index 7f9bf12723c..4d5da638323 100644
--- a/lib/java/src/main/java/org/apache/thrift/protocol/TCompactProtocol.java
+++ b/lib/java/src/main/java/org/apache/thrift/protocol/TCompactProtocol.java
@@ -680,7 +680,7 @@ public ByteBuffer readBinary() throws TException {
     if (length == 0) {
       return EMPTY_BUFFER;
     }
-    getTransport().checkReadBytesAvailable(length);
+    checkStringReadLength(length);
     if (trans_.getBytesRemainingInBuffer() >= length) {
       ByteBuffer bb = ByteBuffer.wrap(trans_.getBuffer(), trans_.getBufferPosition(), length);
       trans_.consumeBuffer(length);
diff --git a/lib/java/src/test/java/org/apache/thrift/protocol/TestMessageSizeLimits.java b/lib/java/src/test/java/org/apache/thrift/protocol/TestMessageSizeLimits.java
index ab12a0f705e..3cd4da35452 100644
--- a/lib/java/src/test/java/org/apache/thrift/protocol/TestMessageSizeLimits.java
+++ b/lib/java/src/test/java/org/apache/thrift/protocol/TestMessageSizeLimits.java
@@ -105,6 +105,20 @@ public void testCompactProtocol_stringLengthLimitEnforcedInFastPath() throws Exc
         "TCompactProtocol stringLengthLimit must reject oversized strings in fast path");
   }
 
+  @Test
+  public void testCompactProtocol_stringLengthLimitEnforcedForBinary() throws Exception {
+    // binary uses the same varint-length encoding as a string on the wire
+    byte[] buf = encodeCompactString(repeat('A', 100));
+    TMemoryInputTransport transport = new TMemoryInputTransport(buf);
+
+    TCompactProtocol proto = new TCompactProtocol(transport, 10L, -1L);
+
+    assertThrows(
+        TProtocolException.class,
+        proto::readBinary,
+        "TCompactProtocol stringLengthLimit must also gate readBinary, not just readString");
+  }
+
   @Test
   public void testConsumeBuffer_decrementsRemainingMessageSize() throws Exception {
     // 20-byte transport; updateKnownMessageSize sets remainingMessageSize = 20