[omniORB] Memory leaks and array bound read/write errors in omniORB 3.0.4

Venkateswara Rao Kanaparthi kvrao@winphoria.com
Thu Jul 25 15:10:02 2002


Hello,

Update to my earlier posting.

We could fix all the memory leaks which I reported earlier.
We needed to do some code change. Sorry for reporting them.

However we are still getting other errors.

Regards,
KV



Venkateswara Rao Kanaparthi wrote:

> Hello,
>
> We have developed a CORBA server using omniORB. (3.0.4).
>
> Upon running the purified process we came across the following errors 
> (lots of them):
>
> "UMR: Uninitialized memory read",
> "BSW: Beyond stack write error"
> "ABR: Array bounds read" and
> "ABW: Array bounds write"
>
> mostly in,
>
> omni_condition::wait()
> omni_semaphore::wait() and
> omni_semaphore::post().
>
> In addition to the above we observed lots of Memory leaks too in
>
> CORBA::UnMarshalObjRef(const char*,NetBufferedStream&) [libomniORB3.a]
> and in
> omni::createObjRef()
>
> Could someone help us in fixing the above? Any hints of why these are 
> coming and how they could be fixed? Are these errors already fixed in 
> later versions?
>
>
> Please let me know if I am missing something.
>
> I am copying the purify log below for reference.
>
> Thanks in advance for any hints/help.
> KV
>
>
> ==============================================================
> Details in brief:
>
> omniORB 3.0.4
> gcc version 2.95.2 19991024 (release)
> SunOS master 5.8 Generic_108528-14 sun4u sparc SUNW,Ultra-250
> ==============================================================
>
>
> [ ........ PURIFY LOG ........]
>
>
>      Purify instrumented parlay_cps (pid 22416 at Wed Jul 24 17:33:39 
> 2002)
>      Purify 5.3 Solaris 2 (32-bit), Copyright (C) 1992-2001 Rational 
> Software Corp. All rights reserved.
>      For contact information type: "purify -help"
>      For TTY output, use the option "-windows=no"
>      Options settings: -max_threads=40 -max_threads=40 -max_threads=40 
> -purify \
>          -purify-home=/opt/rational/releases/purify-5.3-solaris2 \
>          -ignore-signals=SIGSEGV -check-mmaps=no -search-mmaps=yes 
> -threads=yes \
>          -use-internal-locks=yes -thread_stack_change=0x4000 
> -mt_safe_malloc=yes
>      License successfully checked out.
>      Command-line: ./parlay_cps PS01 -ORBInitRef \
>          NameService=corbaname::10.50.1.18 -nm 10.50.1.18 file 
> -loglevel 191 \
>          -nonetlog
>
>
>      UMR: Uninitialized memory read
>      This is occurring while in thread 7:
>            mutex_unlock   [libthread.so.1]
>            pthread_cond_wait [libthread.so.1]
>            omni_condition::wait() [libomnithread.a]
>            omniORB_Ripper::run_undetached(void*) [libomniORB3.a]
>            omni_thread_wrapper [libomnithread.a]
>            _thread_start  [libthread.so.1]
>      Reading 4 bytes from 0x141fc84 in the heap (2 bytes at 0x141fc85 
> uninit).
>      Address 0x141fc84 is 76 bytes into a malloc'd block at 0x141fc38 
> of 120 bytes.
>      This block was allocated from:
>            malloc         [rtlib.o]
>            __bUiLtIn_nEw  [new1.cc:84]
>            __builtin_new  [rtlib.o]
>            omni_strand_initialiser::attach() [libomniORB3.a]
>            CORBA::ORB_init(int&,char**,const char*) [libomniORB3.a]
>            main           [parlay_cps.cc:28]
>
>
>      BSW: Beyond stack write error
>      This is occurring while in:
>            _flush_store   [libthread.so.1]
>            cond_wait      [libthread.so.1]
>            pthread_cond_wait [libthread.so.1]
>            omni_condition::wait() [libomnithread.a]
>            omniOrbORB::run() [libomniORB3.a]
>            main           [parlay_cps.cc:52]
>      Writing 1 byte to 0xffbee90c.
>      Stack pointer 0xffbee91
>
>      ABR: Array bounds read (2 times)
>      This is occurring while in thread 18:
>            omni_semaphore::wait() [libomnithread.a]
>            wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned 
> int,unsigned char) [wms_GS.cc:126]
>            
> wms_CallControlManager_i::enableCallNotification(org::parlay::services::callcontrol::_objref_IpAppCallControlManager*,const 
> org::parlay::services::callcontrol::TpCallEventCriteria&,long&) 
> [wms_GCCS.cc:270]
>            
> org::parlay::services::callcontrol::_impl_IpCallControlManager::_dispatch(GIOP_S&) 
> [ParlayCallControl_GCCS_IFSK.cc:724]
>            
> org::parlay::services::callcontrol::_impl_IpMultiPartyCallControlManager::_dispatch(GIOP_S&) 
> [ParlayCallControl_MPCCS_IFSK.cc:180]
>            omniOrbPOA::dispatch(GIOP_S&,omniLocalIdentity*) 
> [libomniORB3.a]
>      Reading 4 bytes from 0x5e3d08 in the heap.
>      Address 0x5e3d08 is 1 byte past end of a malloc'd block at 
> 0x5e3cd8 of 48 bytes.
>      This block was allocated from thread 18:
>            malloc         [rtlib.o]
>            __bUiLtIn_nEw  [new1.cc:84]
>            __builtin_new  [rtlib.o]
>            wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned 
> int,unsigned char) [wms_GS.cc:105]
>            
> wms_CallControlManager_i::enableCallNotification(org::parlay::services::callcontrol::_objref_IpAppCallControlManager*,const 
> org::parlay::services::callcontrol::TpCallEventCriteria&,long&) 
> [wms_GCCS.cc:270]
>            
> org::parlay::services::callcontrol::_impl_IpCallControlManager::_dispatch(GIOP_S&) 
> [ParlayCallControl_GCCS_IFSK.cc:724]
>
>      ABR: Array bounds read (10 times)
>      This is occurring while in thread 15:
>            omni_semaphore::post() [libomnithread.a]
>            wms_Parlay_Service_i::recvdMapResponse(int,void*,void*) 
> [wms_GS.cc:184]
>            MapParseRRLIndic [map_receive.c:1070]
>            Mapsend_from_tcap2Ex [map_receive.c:208]
>            Mapsend_from_tcap1 [map_receive.c:97]
>            is41_received_tcap_message [IS41_nim_handler.c:727]
>      Reading 4 bytes from 0x5e3d08 in the heap.
>      Address 0x5e3d08 is 1 byte past end of a malloc'd block at 
> 0x5e3cd8 of 48 bytes.
>      This block was allocated from thread 18:
>            malloc         [rtlib.o]
>            __bUiLtIn_nEw  [new1.cc:84]
>            __builtin_new  [rtlib.o]
>            wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned 
> int,unsigned char) [wms_GS.cc:105]
>            
> wms_CallControlManager_i::enableCallNotification(org::parlay::services::callcontrol::_objref_IpAppCallControlManager*,const 
> org::parlay::services::callcontrol::TpCallEventCriteria&,long&) 
> [wms_GCCS.cc:270]
>            
> org::parlay::services::callcontrol::_impl_IpCallControlManager::_dispatch(GIOP_S&) 
> [ParlayCallControl_GCCS_IFSK.cc:724]
>
>      ABW: Array bounds write
>      This is occurring while in thread 18:
>            omni_semaphore??? [libomnithread.a]
>            wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned 
> int,unsigned char) [wms_GS.cc:105]
>            
> getCallLegs__20wms_MultiPartyCall_ilGQ53org6parlay8services11callcontrol26TpCallLegIdentifierSet_out 
> [wms_MPCall.cc:144]
>            
> org::parlay::services::callcontrol::_impl_IpMultiPartyCall::_dispatch(GIOP_S&) 
> [ParlayCallControl_MPCCS_IFSK.cc:711]
>            omniOrbPOA::dispatch(GIOP_S&,omniLocalIdentity*) 
> [libomniORB3.a]
>            omniLocalIdentity::dispatch(GIOP_S&) [libomniORB3.a]
>      Writing 4 bytes to 0x5ed958 in the heap.
>      Address 0x5ed958 is 1 byte past end of a malloc'd block at 
> 0x5ed928 of 48 bytes.
>      This block was allocated from thread 18:
>            malloc         [rtlib.o]
>            __bUiLtIn_nEw  [new1.cc:84]
>            __builtin_new  [rtlib.o]
>            wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned 
> int,unsigned char) [wms_GS.cc:105]
>            
> getCallLegs__20wms_MultiPartyCall_ilGQ53org6parlay8services11callcontrol26TpCallLegIdentifierSet_out 
> [wms_MPCall.cc:144]
>            
> org::parlay::services::callcontrol::_impl_IpMultiPartyCall::_dispatch(GIOP_S&) 
> [ParlayCallControl_MPCCS_IFSK.cc:711]
>                                                                                                                                
>      ABW: Array bounds write
>      This is occurring while in thread 18:
>            omni_semaphore??? [libomnithread.a]
>            wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned 
> int,unsigned char) [wms_GS.cc:105]
>            wms_Call_i::release(long,const 
> org::parlay::services::callcontrol::TpCallReleaseCause&) 
> [wms_Call.cc:696]
>            
> org::parlay::services::callcontrol::_impl_IpCall::_dispatch(GIOP_S&) 
> [ParlayCallControl_GCCS_IFSK.cc:2294]
>            
> org::parlay::services::callcontrol::_impl_IpMultiPartyCall::_dispatch(GIOP_S&) 
> [ParlayCallControl_MPCCS_IFSK.cc:803]
>            omniOrbPOA::dispatch(GIOP_S&,omniLocalIdentity*) 
> [libomniORB3.a]
>      Writing 4 bytes to 0x1640a08 in the heap.
>      Address 0x1640a08 is 1 byte past end of a malloc'd block at 
> 0x16409d8 of 48 bytes.
>      This block was allocated from thread 18:
>            malloc         [rtlib.o]
>            __bUiLtIn_nEw  [new1.cc:84]
>            __builtin_new  [rtlib.o]
>            wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned 
> int,unsigned char) [wms_GS.cc:105]
>            wms_Call_i::release(long,const 
> org::parlay::services::callcontrol::TpCallReleaseCause&) 
> [wms_Call.cc:696]
>            
> org::parlay::services::callcontrol::_impl_IpCall::_dispatch(GIOP_S&) 
> [ParlayCallControl_GCCS_IFSK.cc:2294]
>
>      ABW: Array bounds write
>      This is occurring while in thread 18:
>            omni_semaphore::wait() [libomnithread.a]
>            wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned 
> int,unsigned char) [wms_GS.cc:126]
>            wms_Call_i::release(long,const 
> org::parlay::services::callcontrol::TpCallReleaseCause&) 
> [wms_Call.cc:696]
>            
> org::parlay::services::callcontrol::_impl_IpCall::_dispatch(GIOP_S&) 
> [ParlayCallControl_GCCS_IFSK.cc:2294]
>            
> org::parlay::services::callcontrol::_impl_IpMultiPartyCall::_dispatch(GIOP_S&) 
> [ParlayCallControl_MPCCS_IFSK.cc:803]
>            omniOrbPOA::dispatch(GIOP_S&,omniLocalIdentity*) 
> [libomniORB3.a]
>      Writing 4 bytes to 0x1640a08 in the heap.
>      Address 0x1640a08 is 1 byte past end of a malloc'd block at 
> 0x16409d8 of 48 bytes.
>      This block was allocated from thread 18:
>            malloc         [rtlib.o]
>            __bUiLtIn_nEw  [new1.cc:84]
>            __builtin_new  [rtlib.o]
>            wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned 
> int,unsigned char) [wms_GS.cc:105]
>            wms_Call_i::release(long,const 
> org::parlay::services::callcontrol::TpCallReleaseCause&) 
> [wms_Call.cc:696]
>            
> org::parlay::services::callcontrol::_impl_IpCall::_dispatch(GIOP_S&) 
> [ParlayCallControl_GCCS_IFSK.cc:2294]
>      ABW: Array bounds write
>      This is occurring while in thread 18:
>            omni_semaphore??? [libomnithread.a]
>            wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned 
> int,unsigned char) [wms_GS.cc:105]
>            wms_CallControlManager_i::disableCallNotification(long) 
> [wms_GCCS.cc:366]
>            
> org::parlay::services::callcontrol::_impl_IpCallControlManager::_dispatch(GIOP_S&) 
> [ParlayCallControl_GCCS_IFSK.cc:769]
>            
> org::parlay::services::callcontrol::_impl_IpMultiPartyCallControlManager::_dispatch(GIOP_S&) 
> [ParlayCallControl_MPCCS_IFSK.cc:180]
>            omniOrbPOA::dispatch(GIOP_S&,omniLocalIdentity*) 
> [libomniORB3.a]
>      Writing 4 bytes to 0x5e14e0 in the heap.
>      Address 0x5e14e0 is 1 byte past end of a malloc'd block at 
> 0x5e14b0 of 48 bytes.
>      This block was allocated from thread 18:
>            malloc         [rtlib.o]
>            __bUiLtIn_nEw  [new1.cc:84]
>            __builtin_new  [rtlib.o]
>            wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned 
> int,unsigned char) [wms_GS.cc:105]
>            wms_CallControlManager_i::disableCallNotification(long) 
> [wms_GCCS.cc:366]
>            
> org::parlay::services::callcontrol::_impl_IpCallControlManager::_dispatch(GIOP_S&) 
> [ParlayCallControl_GCCS_IFSK.cc:769]
>