[omniORB] Memory leaks and array bound read/write errors in omniORB 3.0.4
Venkateswara Rao Kanaparthi
kvrao@winphoria.com
Thu Jul 25 13:15:01 2002
Hello,
We have developed a CORBA server using omniORB. (3.0.4).
Upon running the purified process we came across the following errors
(lots of them):
"UMR: Uninitialized memory read",
"BSW: Beyond stack write error"
"ABR: Array bounds read" and
"ABW: Array bounds write"
mostly in,
omni_condition::wait()
omni_semaphore::wait() and
omni_semaphore::post().
In addition to the above we observed lots of Memory leaks too in
CORBA::UnMarshalObjRef(const char*,NetBufferedStream&) [libomniORB3.a]
and in
omni::createObjRef()
Could someone help us in fixing the above? Any hints of why these are
coming and how they could be fixed? Are these errors already fixed in
later versions?
Please let me know if I am missing something.
I am copying the purify log below for reference.
Thanks in advance for any hints/help.
KV
==============================================================
Details in brief:
omniORB 3.0.4
gcc version 2.95.2 19991024 (release)
SunOS master 5.8 Generic_108528-14 sun4u sparc SUNW,Ultra-250
==============================================================
[ ........ PURIFY LOG ........]
Purify instrumented parlay_cps (pid 22416 at Wed Jul 24 17:33:39 2002)
Purify 5.3 Solaris 2 (32-bit), Copyright (C) 1992-2001 Rational
Software Corp. All rights reserved.
For contact information type: "purify -help"
For TTY output, use the option "-windows=no"
Options settings: -max_threads=40 -max_threads=40 -max_threads=40
-purify \
-purify-home=/opt/rational/releases/purify-5.3-solaris2 \
-ignore-signals=SIGSEGV -check-mmaps=no -search-mmaps=yes
-threads=yes \
-use-internal-locks=yes -thread_stack_change=0x4000
-mt_safe_malloc=yes
License successfully checked out.
Command-line: ./parlay_cps PS01 -ORBInitRef \
NameService=corbaname::10.50.1.18 -nm 10.50.1.18 file
-loglevel 191 \
-nonetlog
UMR: Uninitialized memory read
This is occurring while in thread 7:
mutex_unlock [libthread.so.1]
pthread_cond_wait [libthread.so.1]
omni_condition::wait() [libomnithread.a]
omniORB_Ripper::run_undetached(void*) [libomniORB3.a]
omni_thread_wrapper [libomnithread.a]
_thread_start [libthread.so.1]
Reading 4 bytes from 0x141fc84 in the heap (2 bytes at 0x141fc85
uninit).
Address 0x141fc84 is 76 bytes into a malloc'd block at 0x141fc38
of 120 bytes.
This block was allocated from:
malloc [rtlib.o]
__bUiLtIn_nEw [new1.cc:84]
__builtin_new [rtlib.o]
omni_strand_initialiser::attach() [libomniORB3.a]
CORBA::ORB_init(int&,char**,const char*) [libomniORB3.a]
main [parlay_cps.cc:28]
BSW: Beyond stack write error
This is occurring while in:
_flush_store [libthread.so.1]
cond_wait [libthread.so.1]
pthread_cond_wait [libthread.so.1]
omni_condition::wait() [libomnithread.a]
omniOrbORB::run() [libomniORB3.a]
main [parlay_cps.cc:52]
Writing 1 byte to 0xffbee90c.
Stack pointer 0xffbee91
ABR: Array bounds read (2 times)
This is occurring while in thread 18:
omni_semaphore::wait() [libomnithread.a]
wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned
int,unsigned char) [wms_GS.cc:126]
wms_CallControlManager_i::enableCallNotification(org::parlay::services::callcontrol::_objref_IpAppCallControlManager*,const
org::parlay::services::callcontrol::TpCallEventCriteria&,long&)
[wms_GCCS.cc:270]
org::parlay::services::callcontrol::_impl_IpCallControlManager::_dispatch(GIOP_S&)
[ParlayCallControl_GCCS_IFSK.cc:724]
org::parlay::services::callcontrol::_impl_IpMultiPartyCallControlManager::_dispatch(GIOP_S&)
[ParlayCallControl_MPCCS_IFSK.cc:180]
omniOrbPOA::dispatch(GIOP_S&,omniLocalIdentity*) [libomniORB3.a]
Reading 4 bytes from 0x5e3d08 in the heap.
Address 0x5e3d08 is 1 byte past end of a malloc'd block at
0x5e3cd8 of 48 bytes.
This block was allocated from thread 18:
malloc [rtlib.o]
__bUiLtIn_nEw [new1.cc:84]
__builtin_new [rtlib.o]
wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned
int,unsigned char) [wms_GS.cc:105]
wms_CallControlManager_i::enableCallNotification(org::parlay::services::callcontrol::_objref_IpAppCallControlManager*,const
org::parlay::services::callcontrol::TpCallEventCriteria&,long&)
[wms_GCCS.cc:270]
org::parlay::services::callcontrol::_impl_IpCallControlManager::_dispatch(GIOP_S&)
[ParlayCallControl_GCCS_IFSK.cc:724]
ABR: Array bounds read (10 times)
This is occurring while in thread 15:
omni_semaphore::post() [libomnithread.a]
wms_Parlay_Service_i::recvdMapResponse(int,void*,void*)
[wms_GS.cc:184]
MapParseRRLIndic [map_receive.c:1070]
Mapsend_from_tcap2Ex [map_receive.c:208]
Mapsend_from_tcap1 [map_receive.c:97]
is41_received_tcap_message [IS41_nim_handler.c:727]
Reading 4 bytes from 0x5e3d08 in the heap.
Address 0x5e3d08 is 1 byte past end of a malloc'd block at
0x5e3cd8 of 48 bytes.
This block was allocated from thread 18:
malloc [rtlib.o]
__bUiLtIn_nEw [new1.cc:84]
__builtin_new [rtlib.o]
wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned
int,unsigned char) [wms_GS.cc:105]
wms_CallControlManager_i::enableCallNotification(org::parlay::services::callcontrol::_objref_IpAppCallControlManager*,const
org::parlay::services::callcontrol::TpCallEventCriteria&,long&)
[wms_GCCS.cc:270]
org::parlay::services::callcontrol::_impl_IpCallControlManager::_dispatch(GIOP_S&)
[ParlayCallControl_GCCS_IFSK.cc:724]
ABW: Array bounds write
This is occurring while in thread 18:
omni_semaphore??? [libomnithread.a]
wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned
int,unsigned char) [wms_GS.cc:105]
getCallLegs__20wms_MultiPartyCall_ilGQ53org6parlay8services11callcontrol26TpCallLegIdentifierSet_out
[wms_MPCall.cc:144]
org::parlay::services::callcontrol::_impl_IpMultiPartyCall::_dispatch(GIOP_S&)
[ParlayCallControl_MPCCS_IFSK.cc:711]
omniOrbPOA::dispatch(GIOP_S&,omniLocalIdentity*) [libomniORB3.a]
omniLocalIdentity::dispatch(GIOP_S&) [libomniORB3.a]
Writing 4 bytes to 0x5ed958 in the heap.
Address 0x5ed958 is 1 byte past end of a malloc'd block at
0x5ed928 of 48 bytes.
This block was allocated from thread 18:
malloc [rtlib.o]
__bUiLtIn_nEw [new1.cc:84]
__builtin_new [rtlib.o]
wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned
int,unsigned char) [wms_GS.cc:105]
getCallLegs__20wms_MultiPartyCall_ilGQ53org6parlay8services11callcontrol26TpCallLegIdentifierSet_out
[wms_MPCall.cc:144]
org::parlay::services::callcontrol::_impl_IpMultiPartyCall::_dispatch(GIOP_S&)
[ParlayCallControl_MPCCS_IFSK.cc:711]
ABW: Array bounds write
This is occurring while in thread 18:
omni_semaphore??? [libomnithread.a]
wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned
int,unsigned char) [wms_GS.cc:105]
wms_Call_i::release(long,const
org::parlay::services::callcontrol::TpCallReleaseCause&) [wms_Call.cc:696]
org::parlay::services::callcontrol::_impl_IpCall::_dispatch(GIOP_S&)
[ParlayCallControl_GCCS_IFSK.cc:2294]
org::parlay::services::callcontrol::_impl_IpMultiPartyCall::_dispatch(GIOP_S&)
[ParlayCallControl_MPCCS_IFSK.cc:803]
omniOrbPOA::dispatch(GIOP_S&,omniLocalIdentity*) [libomniORB3.a]
Writing 4 bytes to 0x1640a08 in the heap.
Address 0x1640a08 is 1 byte past end of a malloc'd block at
0x16409d8 of 48 bytes.
This block was allocated from thread 18:
malloc [rtlib.o]
__bUiLtIn_nEw [new1.cc:84]
__builtin_new [rtlib.o]
wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned
int,unsigned char) [wms_GS.cc:105]
wms_Call_i::release(long,const
org::parlay::services::callcontrol::TpCallReleaseCause&) [wms_Call.cc:696]
org::parlay::services::callcontrol::_impl_IpCall::_dispatch(GIOP_S&)
[ParlayCallControl_GCCS_IFSK.cc:2294]
ABW: Array bounds write
This is occurring while in thread 18:
omni_semaphore::wait() [libomnithread.a]
wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned
int,unsigned char) [wms_GS.cc:126]
wms_Call_i::release(long,const
org::parlay::services::callcontrol::TpCallReleaseCause&) [wms_Call.cc:696]
org::parlay::services::callcontrol::_impl_IpCall::_dispatch(GIOP_S&)
[ParlayCallControl_GCCS_IFSK.cc:2294]
org::parlay::services::callcontrol::_impl_IpMultiPartyCall::_dispatch(GIOP_S&)
[ParlayCallControl_MPCCS_IFSK.cc:803]
omniOrbPOA::dispatch(GIOP_S&,omniLocalIdentity*) [libomniORB3.a]
Writing 4 bytes to 0x1640a08 in the heap.
Address 0x1640a08 is 1 byte past end of a malloc'd block at
0x16409d8 of 48 bytes.
This block was allocated from thread 18:
malloc [rtlib.o]
__bUiLtIn_nEw [new1.cc:84]
__builtin_new [rtlib.o]
wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned
int,unsigned char) [wms_GS.cc:105]
wms_Call_i::release(long,const
org::parlay::services::callcontrol::TpCallReleaseCause&) [wms_Call.cc:696]
org::parlay::services::callcontrol::_impl_IpCall::_dispatch(GIOP_S&)
[ParlayCallControl_GCCS_IFSK.cc:2294]
ABW: Array bounds write
This is occurring while in thread 18:
omni_semaphore??? [libomnithread.a]
wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned
int,unsigned char) [wms_GS.cc:105]
wms_CallControlManager_i::disableCallNotification(long)
[wms_GCCS.cc:366]
org::parlay::services::callcontrol::_impl_IpCallControlManager::_dispatch(GIOP_S&)
[ParlayCallControl_GCCS_IFSK.cc:769]
org::parlay::services::callcontrol::_impl_IpMultiPartyCallControlManager::_dispatch(GIOP_S&)
[ParlayCallControl_MPCCS_IFSK.cc:180]
omniOrbPOA::dispatch(GIOP_S&,omniLocalIdentity*) [libomniORB3.a]
Writing 4 bytes to 0x5e14e0 in the heap.
Address 0x5e14e0 is 1 byte past end of a malloc'd block at
0x5e14b0 of 48 bytes.
This block was allocated from thread 18:
malloc [rtlib.o]
__bUiLtIn_nEw [new1.cc:84]
__builtin_new [rtlib.o]
wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned
int,unsigned char) [wms_GS.cc:105]
wms_CallControlManager_i::disableCallNotification(long)
[wms_GCCS.cc:366]
org::parlay::services::callcontrol::_impl_IpCallControlManager::_dispatch(GIOP_S&)
[ParlayCallControl_GCCS_IFSK.cc:769]
New memory leaked: 1923 bytes (0.0106%); potentially leaked: 2920
bytes (0.0161%)
MLK: 464 bytes leaked in 9 blocks
This memory was allocated from:
malloc [rtlib.o]
__bUiLtIn_nEw [new1.cc:84]
__builtin_new [rtlib.o]
__bUiLtIn_vEc_nEw [new2.cc:39]
__builtin_vec_new [rtlib.o]
omniObjRef??? [libomniORB3.a]
Block of 64 bytes (2 times); last block at 0x5e43c0
Block of 50 bytes (5 times); last block at 0x1640ed0
Block of 43 bytes (2 times); last block at 0x1640d40
MLK: 240 bytes leaked in 4 blocks
This memory was allocated from:
malloc [rtlib.o]
__bUiLtIn_nEw [new1.cc:84]
__builtin_new [rtlib.o]
org::parlay::services::callcontrol::_pof_IpAppCall::newObjRef(const
char*,_CORBA_Unbounded_Sequence<IOP::TaggedProfile>*,omniIdentity*,omniLocalIdentity*)
[ParlayCallControl_GCCS_IFSK.cc:3316]
omni::createObjRef(const char*,const
char*,_CORBA_Unbounded_Sequence<IOP::TaggedProfile>*,bool,bool)
[libomniORB3.a]
iorURIHandler::toObject(const char*,unsigned int)
[libomniORB3.a]
Block of 60 bytes (4 times); last block at 0x1644230
MLK: 210 bytes leaked in 5 blocks
This memory was allocated from:
malloc [rtlib.o]
__bUiLtIn_nEw [new1.cc:84]
__builtin_new [rtlib.o]
__bUiLtIn_vEc_nEw [new2.cc:39]
__builtin_vec_new [rtlib.o]
_CORBA_Sequence<unsigned char>::allocbuf(unsigned long)
[libomniORB3.a]
Block of 42 bytes (5 times); last block at 0x1644920
MLK: 160 bytes leaked in 5 blocks
This memory was allocated from:
malloc [rtlib.o]
__bUiLtIn_nEw [new1.cc:84]
__builtin_new [rtlib.o]
__bUiLtIn_vEc_nEw [new2.cc:39]
__builtin_vec_new [rtlib.o]
_CORBA_Sequence<IOP::TaggedProfile>::allocbuf(unsigned
long) [libomniORB3.a]
Block of 32 bytes (5 times); last block at 0x16448a8
MLK: 144 bytes leaked in 4 blocks
This memory was allocated from:
malloc [rtlib.o]
__bUiLtIn_nEw [new1.cc:84]
__builtin_new [rtlib.o]
omni::createObjRef(const char*,const
char*,_CORBA_Unbounded_Sequence<IOP::TaggedProfile>*,bool,bool)
[libomniORB3.a]
iorURIHandler::toObject(const char*,unsigned int)
[libomniORB3.a]
omniURI::stringToObject(const char*,unsigned int)
[libomniORB3.a]
Block of 36 bytes (4 times); last block at 0x168ef10
MLK: 128 bytes leaked in 2 blocks
This memory was allocated from:
malloc [rtlib.o]
__bUiLtIn_nEw [new1.cc:84]
__builtin_new [rtlib.o]
org::parlay::services::ui::_pof_IpAppUICall::newObjRef(const
char*,_CORBA_Unbounded_Sequence<IOP::TaggedProfile>*,omniIdentity*,omniLocalIdentity*)
[ParlayUserInteraction_GUIS_IFSK.cc:3253]
omni::createObjRef(const char*,const
char*,_CORBA_Unbounded_Sequence<IOP::TaggedProfile>*,bool,bool)
[libomniORB3.a]
CORBA::UnMarshalObjRef(const char*,NetBufferedStream&)
[libomniORB3.a]
Block of 64 bytes (2 times); last block at 0x64ed08
MLK: 80 bytes leaked in 4 blocks
This memory was allocated from:
malloc [rtlib.o]
__bUiLtIn_nEw [new1.cc:84]
__builtin_new [rtlib.o]
IOP::EncapStrToIor(const unsigned char*,unsigned
char*&,_CORBA_Unbounded_Sequence<IOP::TaggedProfile>*&) [libomniORB3.a]
iorURIHandler::toObject(const char*,unsigned int)
[libomniORB3.a]
omniURI::stringToObject(const char*,unsigned int)
[libomniORB3.a]
Block of 20 bytes (4 times); last block at 0x1641100
MLK: 64 bytes leaked at 0x5bce78
This memory was allocated from:
malloc [rtlib.o]
__bUiLtIn_nEw [new1.cc:84]
__builtin_new [rtlib.o]
omni_thread::init_t::omni_thread::init_t() [libomnithread.a]
__static_initialization_and_destruction_0 [omnithread.h:532]
omni_mutex::_GLOBAL_.I.() [libomnithread.a]
MLK: 60 bytes leaked at 0x5e0ca8
This memory was allocated from:
malloc [rtlib.o]
__bUiLtIn_nEw [new1.cc:84]
__builtin_new [rtlib.o]
org::parlay::services::callcontrol::_pof_IpAppCall::newObjRef(const
char*,_CORBA_Unbounded_Sequence<IOP::TaggedProfile>*,omniIdentity*,omniLocalIdentity*)
[ParlayCallControl_GCCS_IFSK.cc:3316]
omni::createObjRef(const char*,const
char*,_CORBA_Unbounded_Sequence<IOP::TaggedProfile>*,bool,bool)
[libomniORB3.a]
CORBA::UnMarshalObjRef(const char*,NetBufferedStream&)
[libomniORB3.a]
MLK: 60 bytes leaked at 0x141e578
This memory was allocated from:
malloc [rtlib.o]
__bUiLtIn_nEw [new1.cc:84]
__builtin_new [rtlib.o]
org::parlay::services::callcontrol::_pof_IpAppCallControlManager::newObjRef(const
char*,_CORBA_Unbounded_Sequence<IOP::TaggedProfile>*,omniIdentity*,omniLocalIdentity*)
[ParlayCallControl_GCCS_IFSK.cc:1276]
omni::createObjRef(const char*,const
char*,_CORBA_Unbounded_Sequence<IOP::TaggedProfile>*,bool,bool)
[libomniORB3.a]
iorURIHandler::toObject(const char*,unsigned int)
[libomniORB3.a]
MLK: 60 bytes leaked at 0x1423ba0
This memory was allocated from:
malloc [rtlib.o]
__bUiLtIn_nEw [new1.cc:84]
__builtin_new [rtlib.o]
org::parlay::services::callcontrol::_pof_IpAppCallControlManager::newObjRef(const
char*,_CORBA_Unbounded_Sequence<IOP::TaggedProfile>*,omniIdentity*,omniLocalIdentity*)
[ParlayCallControl_GCCS_IFSK.cc:1276]
omni::createObjRef(const char*,const
char*,_CORBA_Unbounded_Sequence<IOP::TaggedProfile>*,bool,bool)
[libomniORB3.a]
CORBA::UnMarshalObjRef(const char*,NetBufferedStream&)
[libomniORB3.a]