[
https://issues.apache.org/jira/browse/AXIS2C-1635?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13635013#comment-13635013
]
Gilles Gagniard commented on AXIS2C-1635:
-----------------------------------------
Hello !
Yes I confirm this new patch works for me (except I have my memory corruption
in svc_client back :) ).
BTW, I cannot reproduce it with the provided axis2/c samples, but I definitely
have it in some software I am developing, which does several requests with the
same svc_client, leading to use of the connection map in http_sender.c. Here is
the stack I get with valgrind at shutdown time when svc_client gets freed :
==9485== Invalid read of size 4
==9485== at 0x6905F68: axis2_http_client_free (http_client.c:133)
==9485== by 0x6901016: axis2_http_sender_connection_map_free
(http_sender.c:3853)
==9485== by 0x55D4A94: axutil_property_free (property.c:94)
==9485== by 0x5A60A02: axis2_ctx_free (ctx.c:149)
==9485== by 0x5A66A2C: axis2_conf_ctx_free (conf_ctx.c:364)
==9485== by 0x5A6E1BF: axis2_svc_client_free (svc_client.c:1201)
==9485== by 0x53B2CF8: wso2wsf::ServiceClient::~ServiceClient()
(ServiceClient.cpp:128)
==9485== by 0x53B2D98: wso2wsf::ServiceClient::~ServiceClient()
(ServiceClient.cpp:131)
==9485== by 0x53B9AA0: wso2wsf::Stub::~Stub() (Stub.cpp:78)
==9485== Address 0x65e1100 is 0 bytes inside a block of size 112 free'd
==9485== at 0x4A077E6: free (vg_replace_malloc.c:446)
==9485== by 0x55D4A94: axutil_property_free (property.c:94)
==9485== by 0x5A69C5A: axis2_options_free (options.c:749)
==9485== by 0x5A6E142: axis2_svc_client_free (svc_client.c:1191)
==9485== by 0x53B2CF8: wso2wsf::ServiceClient::~ServiceClient()
(ServiceClient.cpp:128)
==9485== by 0x53B2D98: wso2wsf::ServiceClient::~ServiceClient()
(ServiceClient.cpp:131)
==9485== by 0x53B9AA0: wso2wsf::Stub::~Stub() (Stub.cpp:78)
That's why I moved the freeing of options *after* axis2_conf_ctx_free, since
this function calls a free callback 'axis2_http_client_free' which needs the
options to still exist in order to do its job ...
> Fix for various memleaks & corruptions
> --------------------------------------
>
> Key: AXIS2C-1635
> URL: https://issues.apache.org/jira/browse/AXIS2C-1635
> Project: Axis2-C
> Issue Type: Bug
> Affects Versions: 1.6.0, Current (Nightly)
> Environment: FC18 / WinXP
> Reporter: Gilles Gagniard
> Labels: patch
> Fix For: Current (Nightly)
>
> Attachments: axis2c-1635.patch, axis2c_fixes.patch
>
>
> This issue contains a patch for various memleaks / corruptions in Axis2/C.
> Each proposed fix has an attached comment in the patch describing the issue.
> In particular, it fixes :
> - a crasher introduced with r1467162 : in http_sender.c in_stream could be
> reused after being freed
> - a crasher sometime happening when freeing a svc_client : in svc_client.c
> options should be freed last because free callbacks for other members can tap
> into options (and do, see conf_ctx for instance !)
> - a memleak in the connection_map handling in http_sender.c (key is always
> strdup()ed but never freed)
> - a crasher in stream handling, happening if the incoming stream length is
> exactly equal to internal buffer length
> - a memleak in om_element
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
