[omniORB] Crash on using nil reference

Tim Ward timw@lsl.co.uk
Thu, 3 May 2001 15:33:17 +0100 

On trying to use a nil reference in a client I do not get a clean exception
thrown which the client catches. Instead I get:

(1) an access violation crash when trying to use the nil reference

(2) failures at an earlier stage in the process if I don't restart
    all the servers involved before restarting the client.

The subsequent failures, after restarting the client, are of two types:

(a) client hangs forever

(b) client crashes with an access violation at an earlier stage than
    on the first run.

Trace output:

omniORB: scavenger : scanning connections
omniORB: scavenger : scanning connections
omniORB: scavenger : scanning connections
omniORB: scavenger : scanning connections
omniORB: scavenger : scanning connections
omniORB: scavenger : scanning connections
omniORB: ERROR -- the application attempted to invoke an operation
 on a nil reference.
omniORB: throw INV_OBJREF from exception.cc:456
omniORB: omniRemoteIdentity deleted.
omniORB: strand Rope::decrRefCount: old value = 1
omniORB: ObjRef(IDL:xxx/parameter_server/ParamServer:1.0) -- deleted.
omniORB: omniRemoteIdentity deleted.
omniORB: strand Rope::decrRefCount: old value = 1
omniORB: ObjRef(IDL:xxx/locator_server/LocatorServer:1.0) -- deleted.

The attempt to use a nil reference is deliberate, but instead of
the application catching the exception there's an access violation
with a stack of:

__InternalCxxFrameHandler + 875 bytes
__InternalCxxFrameHandler + 227 bytes
__CxxFrameHandler + 44 bytes
NTDLL! 77f96666()
NTDLL! 77f8912b()
NTDLL! 77f763ba()
_CORBA_ObjRef_Var<xxx::parameter_server::_objref_ParamServer,xxx::parameter_
server::ParamServer_Helper>::~_CORBA_ObjRef_Var<xxx::parameter_server::_objr
ef_ParamServer,xxx::parameter_server::ParamServer_Helper>() line 368 + 11
bytes
_controlfp + 6667 bytes
mainCRTStartup() line 338 + 17 bytes
KERNEL32! 77f1ba06()

Source code:

#include "i_locator_server.h"
#include <stdio.h>

#include "CLocatorServerInterface.h"

extern CORBA::ULong omniORB::traceLevel;

int main(int argc, char** argv)
{
 CORBA::ORB_var orb = CORBA::ORB_init(argc, argv, "omniORB3");

 char* stringVal;
 bool boolVal;
 long intVal;
 double realVal;

     omniORB::traceLevel = 20;

 try
 {
         CLocatorServerInterface lsi( orb );

  // Get a connection to the parameter server.

  xxx::locator_server::LocatorServer_var ls = lsi.Find();

  xxx::parameter_server::ParamServer_var serverConnection =
ls->bind_parameter_server( "1" );

  xxx::parameter_server::ParamSet_var newParamSet  =
serverConnection->createParamSet();
  xxx::parameter_server::ParamSet_var newParamSet2 =
serverConnection->createParamSet();
  xxx::parameter_server::ParamSet_var newParamSet3 =
serverConnection->createParamSet();
  xxx::parameter_server::ParamSet_var newParamSet4 =
serverConnection->createParamSet();
  xxx::parameter_server::ParamSet_var newParamSet5 =
serverConnection->createParamSet();


  newParamSet->setStringParam("stringparam", "fakeSt'''''''''ring");
...
...
 }
    catch(...)
    {
        return 1;
    }


At this point newParamSet is a nil reference because createParamSet()
(having not
been fully written yet) is deliberately returning nil references.

I do *not* expect using a nil reference to crash the client in an
uncontrolled
fashion, and I most certainly do *not* expect using a nil reference to upset
the
state of the servers involved so that they also need to be restarted.

Environment: NT; naming service, the two servers and the client all running
on the same machine.


Tim Ward
Brett Ward Limited - www.brettward.co.uk