Hi.
We are using version 1.6.2 of the Axis2/Java framework to generate C
code for use with Axis2/C, from some WSDL service descriptions. We have
noticed that the generated code does not always check the return value
of memory allocations, and there is therefore a risk of null pointer
de-references in low memory situations.
For example :
p_prefix = (axis2_char_t*)AXIS2_MALLOC(env->allocator, sizeof
(axis2_char_t) * ADB_DEFAULT_NAMESPACE_PREFIX_LIMIT);
sprintf(p_prefix, "n%d", (*next_ns_index)++);
It seems to be generally related to allocations before a call to
sprintf. Other times the return value is checked :
_AuthResponse = (adb_AuthResponse_t *) AXIS2_MALLOC(env->allocator,
sizeof(adb_AuthResponse_t));
if(NULL == _AuthResponse)
{
AXIS2_ERROR_SET(env->error, AXIS2_ERROR_NO_MEMORY, AXIS2_FAILURE);
return NULL;
}
We are certainly willing to patch this and submit back the code, but
before embarking on this effort I'd like to validate this with the
list. Is this something that would be accepted, and any hints at the
best way to tackle this would be much appreciated.
Thanks
Jake Scott
---------------------------------------------------------------------
To unsubscribe, e-mail: java-dev-unsubscr...@axis.apache.org
For additional commands, e-mail: java-dev-h...@axis.apache.org
