Felix Nawothnig
2009-09-11 20:39:15 UTC
Let's hope this I'm reporting a real bug this time. :-)
The assignment operator in _CORBA_ObjRef_Element don't check for
self-assignment - so I currently have a crash in the duplicate call() in
inline T_element& operator= (const T_element& p) {
if( pd_rel ) {
T_Helper::release(pd_data);
T_Helper::duplicate(p.pd_data);
pd_data = p.pd_data;
}
else
pd_data = p.pd_data;
return *this;
}
The _CORBA_ObjRef_Member::T_member& operator= (T_ptr p) implementation
looks suspicious too... I wouldn't expect that by assigning the actually
stored _ptr it now contains a freed (invalid) reference - but that might
actually be okay.
Cheers,
Felix
The assignment operator in _CORBA_ObjRef_Element don't check for
self-assignment - so I currently have a crash in the duplicate call() in
inline T_element& operator= (const T_element& p) {
if( pd_rel ) {
T_Helper::release(pd_data);
T_Helper::duplicate(p.pd_data);
pd_data = p.pd_data;
}
else
pd_data = p.pd_data;
return *this;
}
The _CORBA_ObjRef_Member::T_member& operator= (T_ptr p) implementation
looks suspicious too... I wouldn't expect that by assigning the actually
stored _ptr it now contains a freed (invalid) reference - but that might
actually be okay.
Cheers,
Felix