[Ace-users] Access violation if handling a structure containing an octet sequence length > 2604 bytes

arne.berger at gmx.de arne.berger at gmx.de
Fri Aug 17 03:53:43 CDT 2007


Hi

I have a problem if receiving an unbounded octet sequence by my server
implementation. Following I'm using the PRF form:

    ACE VERSION:
        5.5.4

    HOST MACHINE and OPERATING SYSTEM:
        Intel(R) Core(TM)2 and Windows XP Prof. V2002 SP2

    COMPILER NAME AND VERSION (AND PATCHLEVEL):
        Borland Developer Studio for Microsoft® Windows™ Version
10.0.2288.42451 Update 2

    THE $ACE_ROOT/ace/config.h FILE
        config-win32.h

    AREA/CLASS/EXAMPLE AFFECTED:
        TAO::template <typename stream>
        bool demarshal_sequence(stream & strm,
TAO::unbounded_value_sequence <CORBA::Short> & target)
        and
        TAO::details::template<typename T, bool dummy>
        struct unbounded_value_allocation_traits::freebuf(value_type
*)

    DOES THE PROBLEM AFFECT:
        COMPILATION: no
        LINKING: no
        EXECUTION: yes
        OTHER: no

    SYNOPSIS:
        Access violation if handling a structure containing an octet
sequence length > 2604 bytes

    DESCRIPTION:
        I've implemented a server interface contains a method with a
        structured "in" parameter. The structure consists of several
sequences
        (key-value-pairs like string-long, string-double, string-
binary data and so on).
        The entries of the binary data sequences is defined as
            struct SimBinary
            {
              string          key;     // identifier
              sequence<octet> value;   // the binary data
            };
            typedef sequence<SimBinary> SimBinarySeq;
        If any of these octet sequences contains more than 2604 bytes
an
        access violation occurs in
            TAO::details::template<typename T, bool dummy>
            struct
unbounded_value_allocation_traits::freebuf(value_type *buffer)
            {
              delete [] buffer;  // access violation
            }
        Within template
            TAO::template <typename stream>
            bool demarshal_sequence(stream & strm,
TAO::unbounded_value_sequence <CORBA::Short> & target)
            {
              ...
             sequence tmp(new_length);
              ...
            }
        a temporary instance "tmp" is created. At the end of function
block the destructor
            ~unbounded_value_sequence<CORBA::Octet>();
        is called and invokes
            freebuf(buffer);

        Until length of 2604 bytes no problems occur. Is there a limit
I've to look after?
        Nevertheless an access violation should not occur!

    REPEAT BY:
        See description. After first exception thread is died.

    SAMPLE FIX/WORKAROUND:
        I will produce an example if necessary. A workaround is not
possible.

Thanks if anyone can promp help me.

Best regards
Arne Berger



More information about the Ace-users mailing list