[omniORB] Bug in reference parsing?

Zsolt Rizsanyi rizsanyi at users.sourceforge.net
Sun Jun 21 23:24:46 BST 2009 

Hi!

On Wed, Jun 3, 2009 at 3:02 PM, Serguei Kolos<Serguei.Kolos at cern.ch> wrote:
> I'm using omniORB 4.1.3 with gcc3.4 on Linux kernel 2.6
>
> I got the string_to_object function crashing with segmentation fault if I
> have
> the following 2 conditions met:
> 1. the reference is using unix domain socket format, i.e. it looks like:
>
>   corbaloc:omniunix:/tmp/tdaq-ipc/tdaq-02-00-01:/%ffipc/proxy%00proxy
>
> 2. I have the following 2 lines set in the /etc/omniORB.cfg file:
>
> clientTransportRule = 10.153.34.0/255.255.255.0 unix,tcp
>           = *                none
>
> Here is GDB stack trace which shows that crash occurs because the
> function "extractHost" (transportRules:cc219) does not check that the
> "host" parameter is NULL before passing it to the LibcWrapper::isip4addr
>
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread -1209063744 (LWP 21266)]
> 0x0066dea1 in omni::LibcWrapper::isip4addr (node=0x0) at
> ../src/lib/omniORB/orbcore/libcWrapper.cc:194
> 194       for (c=node; *c; ++c) {
> (gdb) bt
> #0  0x0066dea1 in omni::LibcWrapper::isip4addr (node=0x0) at
> ../src/lib/omniORB/orbcore/libcWrapper.cc:194
> #1  0x006aed0c in extractHost (endpoint=0x9762b50
> "giop:unix:/tmp/tdaq-ipc/tdaq-02-00-01") at
> ../src/lib/omniORB/orbcore/transportRules.cc:219
> #2  0x006b1927 in omni::builtinIPv4Rule::match (this=0x9760ab8,
> endpoint=0x9762b50 "giop:unix:/tmp/tdaq-ipc/tdaq-02-00-01")
>   at ../src/lib/omniORB/orbcore/transportRules.cc:290
> #3  0x006aeaaf in omni::transportRules::match (this=0x7166d4,

We have run into this issue when trying to upgrade to omniORB 4.1 from
4.0. The bug was introduced with the new IPv6 support in omniORB (but
it breaks code that does not use IPv6).

I have made a simple patch to fix this which basically just changes
the order of checks in builtinIPv4Rule::match() so that it does not
try to call extractHost() if it is matching a unix socket type URI.

Regards,
Zsolt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: builtinipv4-rule-crash.patch
Type: text/x-diff
Size: 1932 bytes
Desc: not available
Url : http://www.omniorb-support.com/pipermail/omniorb-list/attachments/20090621/624cea40/builtinipv4-rule-crash.bin

More information about the omniORB-list mailing list