[omniORB] Bug in genior (omniORB 3)
Jean Francois Poilpret
jfpoilpret@hn.vnn.vn
Sat, 15 Jul 2000 14:25:11 +0700
Hi all,
I've just been chasing a bug on the genior utility.
This bug appears on Windows NT4 (it seems not to occur on Linux,
although it also should IMHO):
at the end of genior (after displaying the generated IOR), the genior
utility segfaults in the free() library call.
After checking the sources, I finally found that, in genior.cc there
were two bugs:
the code uses the struct IIOP::ProfileBody which has a field "host" (of
type CORBA::Char*), which is automatically delete[]'d by the dtor (see
the definition of that struct in IIOP.h)
in the genior utility, there are the following lines (in three different
locations):
char * hostname = strdup(argv[...]); // NB: strdup uses malloc, not new []
...
{
ProfileBody prof;
prof.host = (CORBA::Char*) hostname;
...
}
...
free(hostname);
the program crashes at the last line where free is called (since in fact
hostname has already been freed by the destructor of ProfileBody for the
stack variable prof, when it went out of scope)
so the free(hostname) should be commented out.
moreover, the way hostname is allocated (through strdup) is not
homogeneous with the way it is freed (using delete[]), since no one can
be assured that delete actually calls free in some C++ libs
implementations.
so the first line should be changed into:
char * hostname = new char [strlen(argv[...]) + 1];
strcpy(hostname, argv[...]);
Best regards
Jean-François Poilprêt
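
The corrected ownership pattern from the message above, as an added example that is not part of the original post or of omniORB's code. ProfileBodyLike is a hypothetical stand-in for IIOP::ProfileBody (it only mirrors the "host is delete[]'d by the destructor" behaviour the post describes), and dup_for_delete_array, build_profile and the release counter are names invented here.

```cpp
#include <cstring>
#include <iostream>
#include <string>

// Hypothetical stand-in for IIOP::ProfileBody, not omniORB's definition:
// it owns `host` and releases it with delete[] in its destructor.
struct ProfileBodyLike {
    char* host = nullptr;
    static int releases;  // counts destructor releases (demo only)
    ProfileBodyLike() = default;
    // Copies are forbidden so that exactly one object ever owns `host`.
    ProfileBodyLike(const ProfileBodyLike&) = delete;
    ProfileBodyLike& operator=(const ProfileBodyLike&) = delete;
    ~ProfileBodyLike() {
        if (host) { delete[] host; ++releases; }
    }
};
int ProfileBodyLike::releases = 0;

// Allocate with new[] so the allocation matches the destructor's delete[]
// (strdup would pair malloc with delete[], which is undefined behaviour).
char* dup_for_delete_array(const char* s) {
    char* p = new char[std::strlen(s) + 1];
    std::strcpy(p, s);
    return p;
}

// Same shape as the genior fragment: allocate, hand to the struct, leave scope.
std::string build_profile(const char* arg) {
    char* hostname = dup_for_delete_array(arg);
    std::string seen;
    {
        ProfileBodyLike prof;
        prof.host = hostname;  // ownership moves to prof here
        hostname = nullptr;    // drop the alias so it cannot be released twice
        seen = prof.host;      // copy out before prof is destroyed
    }                          // destructor runs delete[] exactly once
    // No free(hostname) here: the buffer has already been released.
    return seen;
}

int main() {
    std::cout << build_profile("host.example") << " releases="
              << ProfileBodyLike::releases << "\n";
    return 0;
}
```

Nulling the local pointer after the hand-off makes a leftover free() or delete[] on it a harmless no-op instead of a double free.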