[omniORB] Bug in the cdrStream::unmarshalRawString
Serguei Kolos
Serguei.Kolos at cern.ch
Mon Mar 13 18:17:44 GMT 2006
Hello
Please ignore my messages - I did not realize that the
_CORBA_String_helper::alloc(len)
function, which is used by the cdrStream::unmarshalRawString allocates
len + 1 bytes.
The problem, which I have observed appears because of 0 length, which
have been
read from the cdrMemoryStream, which I believe is my fault.
Cheers,
Sergei
Serguei Kolos wrote:
> Hello
>
> As a follow up - the reported issue might be more complicated when one
> would look
> to it carefully. On many platforms malloc(0) returns a valid address,
> which means that
> one can not recognize 0-length strings by pointers to them. The only
> way to know something
> about that string is to call the strlen function. The issue is that
> strlen tries to find the first
> zero in the given string, which has two consequences:
> 1. it reads at least 1 byte of unallocated memory
> 2. it seems there is no guarantee that 0-length memory pointer will
> always points to the byte
> with zero value, in which case situation may be even worse and
> strlen may return incorrect
> string length.
>
> May be it is worth thinking about returning 0 as a pointer to 0-length
> string from
> the cdrStream::unmarshalRawString function?
>
> Cheers,
> Sergei
>
> Serguei Kolos wrote:
>
>> Hello
>>
>> I believe there is a bug in the cdrStream::unmarshalRawString function
>> (src/lib/omniORB/orbcore/corbaString.cc file). If the length of the
>> unmarshalled
>> string is zero (variable len, which is equal to string length + 1, is
>> 1), the line 183 of
>> that file reads unallocated byte and throws an exception if this byte
>> is not 0.
>>
>> 183: if (s[len-1] != '\0')
>> 184: OMNIORB_THROW(MARSHAL,MARSHAL_StringNotEndWithNull,
>> 185: (CORBA::CompletionStatus)completion());
>>
>> Cheers,
>> Sergei
>>
>> PS: the bug has been found with valgrind
>>
>> _______________________________________________
>> omniORB-list mailing list
>> omniORB-list at omniorb-support.com
>> http://www.omniorb-support.com/mailman/listinfo/omniorb-list
>
>
>
>
More information about the omniORB-list
mailing list