[omniORB] Bug in reference parsing?

Serguei Kolos Serguei.Kolos at cern.ch
Wed Jun 3 16:02:28 BST 2009 

Hello

I'm using omniORB 4.1.3 with gcc3.4 on Linux kernel 2.6

I got the string_to_object function crashing with segmentation fault if 
I have
the following 2 conditions met:
1. the reference is using unix domain socket format, i.e. it looks like:

    corbaloc:omniunix:/tmp/tdaq-ipc/tdaq-02-00-01:/%ffipc/proxy%00proxy

2. I have the following 2 lines set in the /etc/omniORB.cfg file:

clientTransportRule = 10.153.34.0/255.255.255.0 unix,tcp
            = *                none

Here is GDB stack trace which shows that crash occurs because the
function "extractHost" (transportRules:cc219) does not check that the
"host" parameter is NULL before passing it to the LibcWrapper::isip4addr

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1209063744 (LWP 21266)]
0x0066dea1 in omni::LibcWrapper::isip4addr (node=0x0) at 
../src/lib/omniORB/orbcore/libcWrapper.cc:194
194       for (c=node; *c; ++c) {
(gdb) bt
#0  0x0066dea1 in omni::LibcWrapper::isip4addr (node=0x0) at 
../src/lib/omniORB/orbcore/libcWrapper.cc:194
#1  0x006aed0c in extractHost (endpoint=0x9762b50 
"giop:unix:/tmp/tdaq-ipc/tdaq-02-00-01") at 
../src/lib/omniORB/orbcore/transportRules.cc:219
#2  0x006b1927 in omni::builtinIPv4Rule::match (this=0x9760ab8, 
endpoint=0x9762b50 "giop:unix:/tmp/tdaq-ipc/tdaq-02-00-01")
    at ../src/lib/omniORB/orbcore/transportRules.cc:290
#3  0x006aeaaf in omni::transportRules::match (this=0x7166d4, 
endpoint=0x9762b50 "giop:unix:/tmp/tdaq-ipc/tdaq-02-00-01", 
actions=@0xbfe083c0,
    priority=@0xbfe083bc) at 
../src/lib/omniORB/orbcore/transportRules.cc:152
#4  0x0064de18 in omni::giopRope::filterAndSortAddressList 
(addrlist=@0x97628e4, ordered_list=@0xbfe08430, use_bidir=@0xbfe0842f)
    at ../src/lib/omniORB/orbcore/giopRope.cc:733
#5  0x0064dadb in omni::giopRope::selectRope (addrlist=@0x97628e4, 
info=0x97628e0, r=@0xbfe084f8, loc=@0xbfe084f3) at 
../src/lib/omniORB/orbcore/giopRope.cc:669
#6  0x00679dc7 in omni::createIdentity (ior=0x9762810, target=0x6c5939 
"IDL:omg.org/CORBA/Object:1.0", locked=false)
    at ../src/lib/omniORB/orbcore/omniInternal.cc:935
#7  0x0067a349 in omni::createObjRef (targetRepoId=0x6c5939 
"IDL:omg.org/CORBA/Object:1.0", ior=0x9762810, locked=false, id=0x0)
    at ../src/lib/omniORB/orbcore/omniInternal.cc:1005
#8  0x006b4658 in omni::corbalocURIHandler::locToObject (c=@0xbfe08970, 
cycles=0, def_key=0x0) at ../src/lib/omniORB/orbcore/uri.cc:903
#9  0x006b2a07 in omni::corbalocURIHandler::toObject (this=0x71673c, 
uri=0x9762a24 
"corbaloc:omniunix:/tmp/tdaq-ipc/tdaq-02-00-01:/%ffipc/proxy%00proxy",
    cycles=0) at ../src/lib/omniORB/orbcore/uri.cc:502
#10 0x006b266c in omni::omniURI::stringToObject (uri=0x9762a24 
"corbaloc:omniunix:/tmp/tdaq-ipc/tdaq-02-00-01:/%ffipc/proxy%00proxy", 
cycles=0)
    at ../src/lib/omniORB/orbcore/uri.cc:291
#11 0x0061f857 in omniOrbORB::string_to_object (this=0x9761150, 
uri=0x9762a24 
"corbaloc:omniunix:/tmp/tdaq-ipc/tdaq-02-00-01:/%ffipc/proxy%00proxy")
    at ../src/lib/omniORB/orbcore/corbaOrb.cc:751

More information about the omniORB-list mailing list