[omniORB] Memory leaks and array bound read/write errors in omniORB 3.0.4

Duncan Grisby duncan@grisby.org
Thu Aug 1 15:22:00 2002


On Friday 26 July, Venkateswara Rao Kanaparthi wrote:

> I have reported these in my earlier posting too.

Yes, I just wanted to check which ones you still had.

[...]
>      UMR: Uninitialized memory read
>      This is occurring while in thread 7:
>            mutex_unlock   [libthread.so.1]
>            pthread_cond_wait [libthread.so.1]
>            omni_condition::wait() [libomnithread.a]
>            omniORB_Ripper::run_undetached(void*) [libomniORB3.a]

This one is almost certainly in the platform's thread library.

>      BSW: Beyond stack write error
>      This is occurring while in:
>            _flush_store   [libthread.so.1]
>            cond_wait      [libthread.so.1]
>            pthread_cond_wait [libthread.so.1]
>            omni_condition::wait() [libomnithread.a]
>            omniOrbORB::run() [libomniORB3.a]

This one too.

>      ABR: Array bounds read (2 times)
>      This is occurring while in thread 18:
>            omni_semaphore::wait() [libomnithread.a]
>            wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned int,unsigned char) [wms_GS.cc:126]

This one looks like it could be an application error. Are you sure you
have allocated the semaphore you are using correctly?  It could be
another OS problem.

>            org::parlay::services::callcontrol::_impl_IpMultiPartyCallControlManager::_dispatch(GIOP_S&) [ParlayCallControl_MPCCS_IFSK.cc:180]
>            omniOrbPOA::dispatch(GIOP_S&,omniLocalIdentity*) [libomniORB3.a]
>      Reading 4 bytes from 0x5e3d08 in the heap.
>      Address 0x5e3d08 is 1 byte past end of a malloc'd block at 0x5e3cd8 of 48 bytes.
>      This block was allocated from thread 18:
>            malloc         [rtlib.o]
>            __bUiLtIn_nEw  [new1.cc:84]
>            __builtin_new  [rtlib.o]
>            wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned int,unsigned char) [wms_GS.cc:105]

I'm not sure what's going on with this one. Are you returning a string
or other dynamically allocated thing from a servant operation?  It
looks like you have the length wrong.

All the others look like either the same kinds of OS problems or
potential application errors.

Cheers,

Duncan.

-- 
 -- Duncan Grisby         --
  -- duncan@grisby.org     --
   -- http://www.grisby.org --
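
Added example, not part of the original message and not omniORB or Purify code: a short Python script that reads the fields of the ABR report quoted above and works out where the 4-byte read falls relative to the 48-byte block, and which source lines the access and the allocation came from. The sample report is constructed from the quoted lines with the mail line wraps joined; the function name `analyse` and the result keys are hypothetical.

```python
import re

# Constructed sample: the ABR report quoted in the message, mail line wraps joined.
REPORT = """\
ABR: Array bounds read (2 times)
This is occurring while in thread 18:
      omni_semaphore::wait() [libomnithread.a]
      wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned int,unsigned char) [wms_GS.cc:126]
Reading 4 bytes from 0x5e3d08 in the heap.
Address 0x5e3d08 is 1 byte past end of a malloc'd block at 0x5e3cd8 of 48 bytes.
This block was allocated from thread 18:
      malloc         [rtlib.o]
      __bUiLtIn_nEw  [new1.cc:84]
      __builtin_new  [rtlib.o]
      wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned int,unsigned char) [wms_GS.cc:105]
"""

ACCESS = re.compile(r"Reading (\d+) bytes? from (0x[0-9a-fA-F]+)")
BLOCK = re.compile(r"block at (0x[0-9a-fA-F]+) of (\d+) bytes")
SOURCE_FRAME = re.compile(r"\[([^\]\s]+:\d+)\]")  # only frames that carry file:line


def analyse(report):
    """Return the geometry of a heap bounds read, or None if fields are missing."""
    acc, blk = ACCESS.search(report), BLOCK.search(report)
    if not acc or not blk:
        return None
    length, addr = int(acc.group(1)), int(acc.group(2), 16)
    base, size = int(blk.group(1), 16), int(blk.group(2))
    start = addr - base          # offset of the first byte read, from block start
    end = start + length         # one past the last byte read
    # Frames before "allocated from" belong to the access, the rest to the allocation.
    access_part, _, alloc_part = report.partition("allocated from")
    return {
        "offset": start,
        "block_size": size,
        "bytes_past_end": max(0, end - max(start, size)),
        "bytes_before_start": max(0, min(end, 0) - start),
        "access_sites": SOURCE_FRAME.findall(access_part),
        "alloc_sites": SOURCE_FRAME.findall(alloc_part),
    }


if __name__ == "__main__":
    for key, value in analyse(REPORT).items():
        print(f"{key:20} {value}")
```

For the quoted report the read starts at offset 48 of the 48-byte block, so all four bytes lie outside it, and both the allocation (wms_GS.cc:105) and the read (wms_GS.cc:126) are in sendMapRequest.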