Another Segfault In GIOP Code
Hi all,

I found another segmentation fault in the GIOP code.

After the previous problem, I simply commented out any
g_free's in GIOP/giop-recv-buffer.c so that I could be
sure that there was no possibility of double-frees.
This extended the life of my app until about the
twentieth message sent from the omniorb server. Here
is the backtrace:

#0  0x401d5426 in mallopt () from /lib/libc.so.6
#1  0x401d51fb in mallopt () from /lib/libc.so.6
#2  0x401d40fc in malloc () from /lib/libc.so.6
#3  0x401d42fc in realloc () from /lib/libc.so.6
#4  0x4010c3cb in g_try_realloc () from /usr/lib/libglib-2.0.so.0
#5  0x40028547 in alloc_buffer (buf=0x80f9290, old_alloc=0x0, body_size=60)
    at giop-recv-buffer.c:840
#6  0x40028c79 in giop_recv_msg_reading_body (buf=0x80f9290, is_auth=0)
    at giop-recv-buffer.c:1134
#7  0x40028ff6 in giop_connection_handle_input (lcnx=0x80f8ce8)
    at giop-recv-buffer.c:1192
#8  0x4005961d in linc_connection_io_handler (gioc=0x0, condition=G_IO_IN,
    data=0x80f8ce8) at linc-connection.c:996
#9  0x4005afc0 in linc_source_dispatch (source=0x80f91a0,
    callback=0x400594b8 <linc_connection_io_handler>, user_data=0x80f8ce8)
    at linc-source.c:54
#10 0x4010744f in g_get_current_time () from /usr/lib/libglib-2.0.so.0
#11 0x40108369 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#12 0x4010866f in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#13 0x40108cbe in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#14 0x40058014 in linc_main_loop_run () at linc.c:303
#15 0x400266ad in giop_main_run () at giop.c:397
#16 0x4002a866 in CORBA_ORB_run (orb=0x80d9268, ev=0xbffff930) at corba-orb.c:966
#17 0x0805f669 in fresco_server_run ()
#18 0x0805f85d in main ()
#19 0x40180a51 in __libc_start_main () from /lib/libc.so.6

The message that is being sent is a simple ping
message. Here is an example of the trace of one of the
messages before the segfault:

Incoming IIOP header:
0x0000:   47 49 4f 50  01 02 01 00  3c 00 00 00  XX XX XX XX | GIOP....<...****
 ---
Read 60
Incoming IIOP body:
0x000c:   4e 00 00 00  03 00 00 00  00 00 00 00  1c 00 00 00 | N...............
0x001c:   00 00 00 00  af 70 1b 3a  06 73 59 c1  b9 0e 80 9e | .....p.:.sY.....
0x002c:   2a 0f e6 4e  01 00 00 00  7b 8c 60 b8  05 00 00 00 | *..N....{.`.....
0x003c:   70 69 6e 67  00 61 70 70  00 00 00 00  XX XX XX XX | ping.app....****
 ---
handling request
p 23241: handle request 'ping'
Outgoing IIOP data:
0x0000:   47 49 4f 50  01 02 01 01  24 00 00 00  XX XX XX XX | GIOP....$...****
 ---

I'm not exactly sure what could be causing the
segfaults. The removal of all g_free calls from this
file should prevent any double-frees from happening.
One thought of mine was that linc is somehow
interfering with the buffers in between function calls
and freeing memory or changing some of the memory in
such a way that is causing this segmentation fault.

Any help would be greatly appreciated.

Thanks,

Chris McGee
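The trace in the post above shows exactly what a receiver has to validate before the message_size field ever reaches alloc_buffer: a 12-byte GIOP header ("GIOP", major, minor, flags, message type, size) whose flags byte selects the byte order of the size, followed for a GIOP 1.2 Request by request_id, response_flags, the KeyAddr target and the operation string. The following is an added example and is not code from ORBit2, linc, or this post: a bounds-checked parser in C for that header and the fixed part of a 1.2 Request, run against the 72 bytes of the ping Request from the trace (header plus the 60-byte body). The 64 KiB body cap, the 64-byte operation-name limit, and the two extra headers (a big-endian variant and one claiming a 4 GiB body) are constructed for the example and are not values from the page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GIOP_HEADER_LEN 12
#define GIOP_MAX_BODY (64u * 1024u)   /* assumed cap for this example, not an ORBit2 value */
#define GIOP_FLAG_LITTLE_ENDIAN 0x01

enum { GIOP_REQUEST = 0, GIOP_REPLY = 1, GIOP_FRAGMENT = 7 };

struct giop_header { uint8_t major, minor, flags, msg_type; uint32_t body_size; };
struct cursor { const uint8_t *buf; size_t len, pos; int le; };

static uint32_t rd32(const uint8_t *p, int le)
{
    return le ? (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24
              : (uint32_t)p[3] | (uint32_t)p[2] << 8 | (uint32_t)p[1] << 16 | (uint32_t)p[0] << 24;
}

static uint16_t rd16(const uint8_t *p, int le)
{
    return le ? (uint16_t)(p[0] | p[1] << 8) : (uint16_t)(p[1] | p[0] << 8);
}

/* CDR alignment: pad pos up to a multiple of n, failing if that would leave the buffer. */
static int align_to(struct cursor *c, size_t n)
{
    size_t pad = (n - c->pos % n) % n;
    if (pad > c->len - c->pos) return -1;
    c->pos += pad;
    return 0;
}

/* Hand out n bytes at the cursor, or fail; never reads past c->len. */
static int take(struct cursor *c, size_t n, const uint8_t **out)
{
    if (n > c->len - c->pos) return -1;
    *out = c->buf + c->pos;
    c->pos += n;
    return 0;
}

/* Validate the 12-byte header; the size is read in the byte order the flags announce. */
int giop_parse_header(const uint8_t *buf, size_t len, struct giop_header *h)
{
    if (len < GIOP_HEADER_LEN || memcmp(buf, "GIOP", 4) != 0) return -1;
    h->major = buf[4]; h->minor = buf[5]; h->flags = buf[6]; h->msg_type = buf[7];
    if (h->major != 1 || h->minor > 2 || h->msg_type > GIOP_FRAGMENT) return -1;
    h->body_size = rd32(buf + 8, h->flags & GIOP_FLAG_LITTLE_ENDIAN);
    if (h->body_size > GIOP_MAX_BODY) return -1;   /* refuse before any realloc */
    return 0;
}

/* Body size a header announces, or -1 if the header is rejected. */
long giop_body_size(const uint8_t *buf, size_t len)
{
    struct giop_header h;
    return giop_parse_header(buf, len, &h) == 0 ? (long)h.body_size : -1;
}

/* Parse the fixed part of a GIOP 1.2 Request (request_id, response_flags,
 * KeyAddr target, operation) and return the operation name, or NULL on any
 * malformed or truncated input. */
const char *giop_request_operation(const uint8_t *msg, size_t len, uint32_t *request_id)
{
    static char op[64];   /* assumed operation-name limit for the example */
    struct giop_header h;
    const uint8_t *p;
    uint32_t n;

    if (giop_parse_header(msg, len, &h) != 0) return NULL;
    if (h.msg_type != GIOP_REQUEST || h.minor != 2) return NULL;
    if (h.body_size > len - GIOP_HEADER_LEN) return NULL;      /* body not fully present */

    struct cursor c = { msg, GIOP_HEADER_LEN + h.body_size, GIOP_HEADER_LEN,
                        h.flags & GIOP_FLAG_LITTLE_ENDIAN };
    if (take(&c, 4, &p)) return NULL;
    if (request_id) *request_id = rd32(p, c.le);
    if (take(&c, 4, &p)) return NULL;                        /* response_flags + 3 reserved */
    if (take(&c, 2, &p) || rd16(p, c.le) != 0) return NULL;  /* only KeyAddr (0) handled */
    if (align_to(&c, 4) || take(&c, 4, &p)) return NULL;
    n = rd32(p, c.le);                                       /* object_key length */
    if (take(&c, n, &p)) return NULL;                        /* skip key, bounds-checked */
    if (align_to(&c, 4) || take(&c, 4, &p)) return NULL;
    n = rd32(p, c.le);                                       /* operation length incl. NUL */
    if (n == 0 || n > sizeof op || take(&c, n, &p) || p[n - 1] != 0) return NULL;
    memcpy(op, p, n);
    return op;
}

/* The ping Request from the trace: 12 header bytes followed by the 60 body bytes. */
const uint8_t PING_REQUEST[72] = {
    0x47,0x49,0x4f,0x50, 0x01,0x02,0x01,0x00, 0x3c,0x00,0x00,0x00,
    0x4e,0x00,0x00,0x00, 0x03,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, 0x1c,0x00,0x00,0x00,
    0x00,0x00,0x00,0x00, 0xaf,0x70,0x1b,0x3a, 0x06,0x73,0x59,0xc1, 0xb9,0x0e,0x80,0x9e,
    0x2a,0x0f,0xe6,0x4e, 0x01,0x00,0x00,0x00, 0x7b,0x8c,0x60,0xb8, 0x05,0x00,0x00,0x00,
    0x70,0x69,0x6e,0x67, 0x00,0x61,0x70,0x70, 0x00,0x00,0x00,0x00
};
/* Constructed: the same header with the little-endian flag cleared and the size byte-swapped. */
const uint8_t PING_HEADER_BE[12] = { 0x47,0x49,0x4f,0x50, 0x01,0x02,0x00,0x00, 0x00,0x00,0x00,0x3c };
/* Constructed: a header announcing a 4 GiB body, which must be refused, not allocated. */
const uint8_t HUGE_HEADER[12]   = { 0x47,0x49,0x4f,0x50, 0x01,0x02,0x01,0x00, 0xff,0xff,0xff,0xff };

int main(void)
{
    uint32_t id = 0;
    const char *op = giop_request_operation(PING_REQUEST, sizeof PING_REQUEST, &id);
    printf("body=%ld operation=%s request_id=%u\n",
           giop_body_size(PING_REQUEST, sizeof PING_REQUEST), op ? op : "(rejected)", id);
    printf("truncated to 40 bytes -> %s\n",
           giop_request_operation(PING_REQUEST, 40, NULL) ? "accepted" : "rejected");
    printf("4 GiB header -> %ld\n", giop_body_size(HUGE_HEADER, sizeof HUGE_HEADER));
    return 0;
}
```

Every read goes through `take` against the length the header announced, so a message that arrives short (the 40-byte truncation), a key length that runs off the end, or an operation string without its NUL is rejected at the parser rather than turning into a bad length handed to realloc or a later read past the buffer.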
