[omniORB] Another wide-string bug + fix
Stephen Crawley
crawley@dstc.edu.au
Tue, 31 Jul 2001 16:04:10 +1000
Duncan,
I ran into a heap trashing problem, and Purify found the following omniORB
memory over-run bug for me.
In NCS_W_UTF_16::unmarshalWString(...) (file cs-UTF-16.cc), there is the
following code:
    ws = omniCodeSetUtil::allocW(len);
    omniCodeSetUtil::HolderW wh(ws);
    for (_CORBA_ULong i=0; i<=len; i++)
      ws[i] = us[i];
Unfortunately, the loop runs past the end of 'ws' by one wide character.
The problem is that omniCodeSetUtil::allocW carefully allocates 'len'
characters, not 'len + 1'.
One possible fix is to change the first line above to:
    ws = omniCodeSetUtil::allocW(len + 1);
Might this bug occur in other codeset adapters as well?
-- Steve
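
An added example, not part of the original message and not omniORB code: a stand-alone helper that keeps the allocation size and the copy bound together, so the terminator slot cannot be forgotten in any one adapter. The typedefs and the name `copyTerminated` are assumptions made for illustration; it writes the terminator explicitly and also rejects a wire length for which `len + 1` would wrap.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <limits>
#include <memory>
#include <new>

// Stand-ins for the types in the post (assumptions, not omniORB's definitions).
typedef std::uint32_t ULong;   // plays the role of _CORBA_ULong
typedef std::uint16_t UShort;  // one UTF-16 code unit read from the wire
typedef wchar_t WChar;

// Hypothetical helper: copy 'len' code units from 'us' into a fresh buffer
// of len + 1 elements and terminate it. Returns an empty pointer if the
// length cannot be represented safely or the allocation fails.
std::unique_ptr<WChar[]> copyTerminated(const UShort* us, ULong len) {
  // 'len' comes from the peer. At the maximum value, len + 1 evaluated in
  // ULong arithmetic is 0, which would yield a zero-sized buffer.
  if (len == std::numeric_limits<ULong>::max()) return nullptr;

  // Payload plus one terminator slot, computed in size_t.
  const std::size_t slots = static_cast<std::size_t>(len) + 1;
  std::unique_ptr<WChar[]> ws(new (std::nothrow) WChar[slots]);
  if (!ws) return nullptr;

  // Strict '<': writes indices 0 .. len-1, all inside the buffer.
  for (ULong i = 0; i < len; i++)
    ws[i] = static_cast<WChar>(us[i]);
  ws[len] = 0;  // index len == slots - 1, the last valid element
  return ws;
}

int main() {
  // Constructed sample input: "hi!" as UTF-16 code units.
  const UShort us[] = {0x0068, 0x0069, 0x0021};
  std::unique_ptr<WChar[]> ws = copyTerminated(us, 3);
  std::printf("copied: %s\n", ws ? "yes" : "no");
  return ws ? 0 : 1;
}
```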