[Ace-users] Access violation if handling a structure containing an
octet sequence length > 2604 bytes
arne.berger at gmx.de
arne.berger at gmx.de
Fri Aug 17 03:53:43 CDT 2007
Hi
I have a problem if receiving an unbounded octet sequence by my server
implementation. Following I'm using the PRF form:
ACE VERSION:
5.5.4
HOST MACHINE and OPERATING SYSTEM:
Intel(R) Core(TM)2 and Windows XP Prof. V2002 SP2
COMPILER NAME AND VERSION (AND PATCHLEVEL):
Borland Developer Studio for Microsoft® Windows™ Version
10.0.2288.42451 Update 2
THE $ACE_ROOT/ace/config.h FILE
config-win32.h
AREA/CLASS/EXAMPLE AFFECTED:
TAO::template <typename stream>
bool demarshal_sequence(stream & strm,
TAO::unbounded_value_sequence <CORBA::Short> & target)
and
TAO::details::template<typename T, bool dummy>
struct unbounded_value_allocation_traits::freebuf(value_type
*)
DOES THE PROBLEM AFFECT:
COMPILATION: no
LINKING: no
EXECUTION: yes
OTHER: no
SYNOPSIS:
Access violation if handling a structure containing an octet
sequence length > 2604 bytes
DESCRIPTION:
I've implemented a server interface contains a method with a
structured "in" parameter. The structure consists of several
sequences
(key-value-pairs like string-long, string-double, string-
binary data and so on).
The entries of the binary data sequences is defined as
struct SimBinary
{
string key; // identifier
sequence<octet> value; // the binary data
};
typedef sequence<SimBinary> SimBinarySeq;
If any of these octet sequences contains more than 2604 bytes
an
access violation occurs in
TAO::details::template<typename T, bool dummy>
struct
unbounded_value_allocation_traits::freebuf(value_type *buffer)
{
delete [] buffer; // access violation
}
Within template
TAO::template <typename stream>
bool demarshal_sequence(stream & strm,
TAO::unbounded_value_sequence <CORBA::Short> & target)
{
...
sequence tmp(new_length);
...
}
a temporary instance "tmp" is created. At the end of function
block the destructor
~unbounded_value_sequence<CORBA::Octet>();
is called and invokes
freebuf(buffer);
Until length of 2604 bytes no problems occur. Is there a limit
I've to look after?
Nevertheless an access violation should not occur!
REPEAT BY:
See description. After first exception thread is died.
SAMPLE FIX/WORKAROUND:
I will produce an example if necessary. A workaround is not
possible.
Thanks if anyone can promp help me.
Best regards
Arne Berger
More information about the Ace-users
mailing list