When using _is_a() from a ORBit-client to a mico-server (eg nsd) the
mico-server crashes ("glibc detected: double free corruption").
The reason is a inconsistency in ORBit: it sends the method name with a
length 1 byte too long (and a junk character).
I posted a patch to ORBit,
but mico shouldn't crash.
The following patch solves the problem:
- CORBA::string_free() freed the string first, the destructor the second
time (that's mico's bug)
- (s[len-1] != 0) is replaced by (!memchr (s.ptr(), 0, len)) which enables
ORBit-interoperability as long as ORBit is wrong
this makes mico more tolerant to wrong-formatted messages, but I think
that's ok
- I also tested this patch with mico-2.3.12; but as we use mico-2.3.7
internally, the patch is for the old version
diff -Naur mico-2.3.7.old/orb/codec.cc mico-2.3.7.new/orb/codec.cc
--- mico-2.3.7.old/orb/codec.cc 2001-10-11 20:08:52.000000000 +0200
+++ mico-2.3.7.new/orb/codec.cc 2007-11-19 17:31:43.000000000 +0100
@@ -1998,14 +1998,10 @@
return FALSE;
s = CORBA::string_alloc (len-1);
- if (!buf->get (s.ptr(), len)) {
- CORBA::string_free (s);
+ if (!buf->get (s.ptr(), len))
return FALSE;
- }
- if (s[len-1] != 0) {
- CORBA::string_free (s);
+ if (!memchr (s.ptr(), 0, len)) // was (incompatible with ORBit2):
if (s[len-1] != 0)
return FALSE;
- }
return TRUE;
}
----------------------------------------
This message is intended for a particular addressee only and may contain
business or company secrets. If you have received this email in error, please
contact the sender and delete the message immediately. Any use of this email,
including saving, publishing, copying, replication or forwarding of the message
or the contents is not permitted. _______________________________________________
Mico-devel mailing list
Mico-devel@mico.org
http://www.mico.org/mailman/listinfo/mico-devel
