[omniORB] crash when transmitting NULL pointer in IDL method parm

Hartmut Raschick hartmut.raschick@ke-elektronik.de
Fri Nov 29 07:24:01 2002


Consider:

--snip---------------------------------------------------
...
  interface Topology {
...
    boolean setAttr( in  ObjAddr               aObjAddr,
                     in  AttrIdList            aAttrIdList,
                     in  AttrReadWriteModeList aAttrReadWriteModeList,
                     in  AttrValUnionList      aAttrValUnionList,
                     in  NotificationClient    aNotificationClient,
                     out long                  aTransactionId )
      raises( NoSuchObj,
              NoSuchAttr );
...
--snap---------------------------------------------------

and

--snip---------------------------------------------------
...
  NotificationClient_ptr cbObj = NULL;
...
          howDidItGo = topoIF->setAttr(objAddr, attrIDList, rwModes,
                                       aValUnionList, cbObj, trxID);
...
--snap---------------------------------------------------
this crashes because no-one tests for cbObj (not) being NULL


OMNI4 does (from-idl generated code):
--snip---------------------------------------------------
inline void
NotificationClient::_marshalObjRef(::NotificationClient_ptr obj, cdrStream& s) {
  omniObjRef::_marshal(obj->_PR_getobj(),s);
}
--snap---------------------------------------------------
(assumes correct pointer ... :( )


whereas OMNI3 did (from-idl generated code):
--snip---------------------------------------------------
inline void
NotificationClient::_marshalObjRef(NotificationClient_ptr obj,
                                   NetBufferedStream& s) {
  CORBA::MarshalObjRef(obj, _PD_repoId, 35, s);
}
--snap---------------------------------------------------

which was (${OMNI_DIR}/src/lib/omniORB2/orbcore/corbaOrb.cc):
--snip---------------------------------------------------
void
CORBA::MarshalObjRef(CORBA::Object_ptr obj, const char* repoId,
                     size_t repoIdSize, NetBufferedStream& s)
{
  if (CORBA::is_nil(obj)) {
    // nil object reference
    ::operator>>= ((CORBA::ULong)1,s);
    ::operator>>= ((CORBA::Char) '\0',s);
    ::operator>>= ((CORBA::ULong) 0,s);
    return;
  }

  // non-nil object reference
  repoId = obj->_PR_getobj()->_mostDerivedRepoId();
--snap---------------------------------------------------
which, as one can see, tested for nil-ness... good...

to forestall the question: NULL pointer means: just (try to) set attr(s),
I don't care for the result...
has this happened to anyone else? what do you say? should one call
this a... bug?!

N.B.: I shouldn't say this here, I know, but... other orbs also don't
      panic there...

P.S.: The principal mark of genius is not perfection but originality,
      the opening of new frontiers.
         - Arthur Koestler (1905-1983)
P.P.S.: So it's OK, I suppose... :)

-- 
Hartmut "Hardy" Raschick / Dept. RD41
ke Kommunikations-Elektronik GmbH
Wohlenberstr. 3, 30179 Hannover
Phone: ++49 (0)511 6747-564
Fax: ++49 (0)511 6747-340
e-Mail: hartmut.raschick@ke-elektronik.de
http://www.ke-elektronik.de
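
An added example, not part of the original post and not omniORB code: a stand-alone model of a marshal routine that keeps the nil check quoted above from omniORB 3, writing a nil reference as a type-id string holding only the terminator followed by zero profiles, plus the receiving-side test for that encoding. `Profile`, `ObjRef`, `Stream`, `putULong`, `getULong`, `marshalObjRef` and `isNilRef` are hypothetical names, and the buffer is assumed to start at offset 0 in host byte order.

```cpp
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>

// Hypothetical stand-ins for this sketch; none of these are omniORB types.
struct Profile { uint32_t tag; std::vector<uint8_t> data; };
struct ObjRef  { std::string repoId; std::vector<Profile> profiles; };
using Stream = std::vector<uint8_t>;             // models the CDR output buffer

static void putULong(Stream& s, uint32_t v) {
  while (s.size() % 4) s.push_back(0);           // CDR aligns ULong on 4 bytes
  uint8_t b[4]; std::memcpy(b, &v, 4);           // host byte order
  s.insert(s.end(), b, b + 4);
}

static uint32_t getULong(const Stream& s, size_t& pos) {
  pos = (pos + 3) & ~size_t(3);                  // skip alignment padding
  if (pos + 4 > s.size()) return UINT32_MAX;     // truncated input
  uint32_t v; std::memcpy(&v, s.data() + pos, 4);
  pos += 4; return v;
}

// Guarded marshal: a null pointer becomes a nil reference instead of a crash.
void marshalObjRef(const ObjRef* obj, Stream& s) {
  if (obj == nullptr) {
    putULong(s, 1);                              // type-id length: terminator only
    s.push_back('\0');
    putULong(s, 0);                              // zero profiles
    return;
  }
  putULong(s, static_cast<uint32_t>(obj->repoId.size() + 1));
  s.insert(s.end(), obj->repoId.begin(), obj->repoId.end());
  s.push_back('\0');
  putULong(s, static_cast<uint32_t>(obj->profiles.size()));
  for (const Profile& p : obj->profiles) {
    putULong(s, p.tag);
    putULong(s, static_cast<uint32_t>(p.data.size()));
    s.insert(s.end(), p.data.begin(), p.data.end());
  }
}

// Receiver side: nil means empty type id and no profiles; truncation is not nil.
bool isNilRef(const Stream& s) {
  size_t pos = 0;
  if (getULong(s, pos) != 1 || pos >= s.size() || s[pos] != 0) return false;
  ++pos;
  return getULong(s, pos) == 0;
}
```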