Serguei Kolos
2009-06-03 19:03:01 UTC
Hello
I'm using omniORB 4.1.3 with gcc3.4 on Linux kernel 2.6
I got the string_to_object function crashing with segmentation fault if
I have
the following 2 conditions met:
1. the reference is using unix domain socket format, i.e. it looks like:
corbaloc:omniunix:/tmp/tdaq-ipc/tdaq-02-00-01:/%ffipc/proxy%00proxy
2. I have the following 2 lines set in the /etc/omniORB.cfg file:
clientTransportRule = 10.153.34.0/255.255.255.0 unix,tcp
= * none
Here is GDB stack trace which shows that crash occurs because the
function "extractHost" (transportRules:cc219) does not check that the
"host" parameter is NULL before passing it to the LibcWrapper::isip4addr
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1209063744 (LWP 21266)]
0x0066dea1 in omni::LibcWrapper::isip4addr (node=0x0) at
../src/lib/omniORB/orbcore/libcWrapper.cc:194
194 for (c=node; *c; ++c) {
(gdb) bt
#0 0x0066dea1 in omni::LibcWrapper::isip4addr (node=0x0) at
../src/lib/omniORB/orbcore/libcWrapper.cc:194
#1 0x006aed0c in extractHost (endpoint=0x9762b50
"giop:unix:/tmp/tdaq-ipc/tdaq-02-00-01") at
../src/lib/omniORB/orbcore/transportRules.cc:219
#2 0x006b1927 in omni::builtinIPv4Rule::match (this=0x9760ab8,
endpoint=0x9762b50 "giop:unix:/tmp/tdaq-ipc/tdaq-02-00-01")
at ../src/lib/omniORB/orbcore/transportRules.cc:290
#3 0x006aeaaf in omni::transportRules::match (this=0x7166d4,
endpoint=0x9762b50 "giop:unix:/tmp/tdaq-ipc/tdaq-02-00-01",
actions=@0xbfe083c0,
priority=@0xbfe083bc) at
../src/lib/omniORB/orbcore/transportRules.cc:152
#4 0x0064de18 in omni::giopRope::filterAndSortAddressList
(addrlist=@0x97628e4, ordered_list=@0xbfe08430, use_bidir=@0xbfe0842f)
at ../src/lib/omniORB/orbcore/giopRope.cc:733
#5 0x0064dadb in omni::giopRope::selectRope (addrlist=@0x97628e4,
info=0x97628e0, r=@0xbfe084f8, loc=@0xbfe084f3) at
../src/lib/omniORB/orbcore/giopRope.cc:669
#6 0x00679dc7 in omni::createIdentity (ior=0x9762810, target=0x6c5939
"IDL:omg.org/CORBA/Object:1.0", locked=false)
at ../src/lib/omniORB/orbcore/omniInternal.cc:935
#7 0x0067a349 in omni::createObjRef (targetRepoId=0x6c5939
"IDL:omg.org/CORBA/Object:1.0", ior=0x9762810, locked=false, id=0x0)
at ../src/lib/omniORB/orbcore/omniInternal.cc:1005
#8 0x006b4658 in omni::corbalocURIHandler::locToObject (c=@0xbfe08970,
cycles=0, def_key=0x0) at ../src/lib/omniORB/orbcore/uri.cc:903
#9 0x006b2a07 in omni::corbalocURIHandler::toObject (this=0x71673c,
uri=0x9762a24
"corbaloc:omniunix:/tmp/tdaq-ipc/tdaq-02-00-01:/%ffipc/proxy%00proxy",
cycles=0) at ../src/lib/omniORB/orbcore/uri.cc:502
#10 0x006b266c in omni::omniURI::stringToObject (uri=0x9762a24
"corbaloc:omniunix:/tmp/tdaq-ipc/tdaq-02-00-01:/%ffipc/proxy%00proxy",
cycles=0)
at ../src/lib/omniORB/orbcore/uri.cc:291
#11 0x0061f857 in omniOrbORB::string_to_object (this=0x9761150,
uri=0x9762a24
"corbaloc:omniunix:/tmp/tdaq-ipc/tdaq-02-00-01:/%ffipc/proxy%00proxy")
at ../src/lib/omniORB/orbcore/corbaOrb.cc:751
I'm using omniORB 4.1.3 with gcc3.4 on Linux kernel 2.6
I got the string_to_object function crashing with segmentation fault if
I have
the following 2 conditions met:
1. the reference is using unix domain socket format, i.e. it looks like:
corbaloc:omniunix:/tmp/tdaq-ipc/tdaq-02-00-01:/%ffipc/proxy%00proxy
2. I have the following 2 lines set in the /etc/omniORB.cfg file:
clientTransportRule = 10.153.34.0/255.255.255.0 unix,tcp
= * none
Here is GDB stack trace which shows that crash occurs because the
function "extractHost" (transportRules:cc219) does not check that the
"host" parameter is NULL before passing it to the LibcWrapper::isip4addr
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1209063744 (LWP 21266)]
0x0066dea1 in omni::LibcWrapper::isip4addr (node=0x0) at
../src/lib/omniORB/orbcore/libcWrapper.cc:194
194 for (c=node; *c; ++c) {
(gdb) bt
#0 0x0066dea1 in omni::LibcWrapper::isip4addr (node=0x0) at
../src/lib/omniORB/orbcore/libcWrapper.cc:194
#1 0x006aed0c in extractHost (endpoint=0x9762b50
"giop:unix:/tmp/tdaq-ipc/tdaq-02-00-01") at
../src/lib/omniORB/orbcore/transportRules.cc:219
#2 0x006b1927 in omni::builtinIPv4Rule::match (this=0x9760ab8,
endpoint=0x9762b50 "giop:unix:/tmp/tdaq-ipc/tdaq-02-00-01")
at ../src/lib/omniORB/orbcore/transportRules.cc:290
#3 0x006aeaaf in omni::transportRules::match (this=0x7166d4,
endpoint=0x9762b50 "giop:unix:/tmp/tdaq-ipc/tdaq-02-00-01",
actions=@0xbfe083c0,
priority=@0xbfe083bc) at
../src/lib/omniORB/orbcore/transportRules.cc:152
#4 0x0064de18 in omni::giopRope::filterAndSortAddressList
(addrlist=@0x97628e4, ordered_list=@0xbfe08430, use_bidir=@0xbfe0842f)
at ../src/lib/omniORB/orbcore/giopRope.cc:733
#5 0x0064dadb in omni::giopRope::selectRope (addrlist=@0x97628e4,
info=0x97628e0, r=@0xbfe084f8, loc=@0xbfe084f3) at
../src/lib/omniORB/orbcore/giopRope.cc:669
#6 0x00679dc7 in omni::createIdentity (ior=0x9762810, target=0x6c5939
"IDL:omg.org/CORBA/Object:1.0", locked=false)
at ../src/lib/omniORB/orbcore/omniInternal.cc:935
#7 0x0067a349 in omni::createObjRef (targetRepoId=0x6c5939
"IDL:omg.org/CORBA/Object:1.0", ior=0x9762810, locked=false, id=0x0)
at ../src/lib/omniORB/orbcore/omniInternal.cc:1005
#8 0x006b4658 in omni::corbalocURIHandler::locToObject (c=@0xbfe08970,
cycles=0, def_key=0x0) at ../src/lib/omniORB/orbcore/uri.cc:903
#9 0x006b2a07 in omni::corbalocURIHandler::toObject (this=0x71673c,
uri=0x9762a24
"corbaloc:omniunix:/tmp/tdaq-ipc/tdaq-02-00-01:/%ffipc/proxy%00proxy",
cycles=0) at ../src/lib/omniORB/orbcore/uri.cc:502
#10 0x006b266c in omni::omniURI::stringToObject (uri=0x9762a24
"corbaloc:omniunix:/tmp/tdaq-ipc/tdaq-02-00-01:/%ffipc/proxy%00proxy",
cycles=0)
at ../src/lib/omniORB/orbcore/uri.cc:291
#11 0x0061f857 in omniOrbORB::string_to_object (this=0x9761150,
uri=0x9762a24
"corbaloc:omniunix:/tmp/tdaq-ipc/tdaq-02-00-01:/%ffipc/proxy%00proxy")
at ../src/lib/omniORB/orbcore/corbaOrb.cc:751