[Ace-users] Corrupt data after calling ACE_Vector<T>::resize
Karl-Heinz
wind at itq.de
Fri Nov 16 04:33:15 CST 2007
On 14 Nov., 17:45, schm... at dre.vanderbilt.edu (Douglas C. Schmidt)
wrote:
> Hi Karl-Heinz,
>
> >Ok I added a bug (3152) and attached a Vector_Test.cpp 5.6.1.
> >The test crashes as expected.
>
> Thanks, this is very helpful. If you have a suggested patch that
> fixes this problem please let us know!
>
> Doug
>
> >On 14 Nov., 14:19, "Johnny Willemsen" <jwillem... at remedy.nl> wrote:
> >> Hi,
>
> >> Thanks for using the PRF form. Can you download x.6.1 and then extend the
> >> test ACE_wrappers/tests/Vector_Test.cpp to reproduce this issue? If you can
> >> provide a patch it would be great, after that please put both together in
> >> bugzilla (see http://deuce.doc.wustl.edu/bugzilla/index.cgi)
>
> >> Regards,
>
> >> Johnny Willemsen
> >> Remedy IT
> >> Postbus 101
> >> 2650 AC Berkel en Rodenrijs
> >> The Netherlands www.theaceorb.nl / www.remedy.nl
>
> >> *** Integrated compile and test statistics see http://scoreboard.theaceorb.nl ***
> >> *** Commercial service and support for ACE/TAO/CIAO ***
> >> *** See http://www.theaceorb.nl/en/support.html ***
>
> >> "Karl-Heinz" <w... at itq.de> wrote in message
>
> >> <news:1195044578.729455.257830 at o80g2000hse.googlegroups.com>...
>
> >> 8<----------8<----------8<----------8<----------8<----------8<----------8<----
>
> >> > ACE VERSION: 5.5.8
>
> >> > HOST MACHINE and OPERATING SYSTEM:
> >> > PC, Windows XP, VC8
>
> >> > TARGET MACHINE and OPERATING SYSTEM, if different from HOST:
> >> > COMPILER NAME AND VERSION (AND PATCHLEVEL):
>
> >> > THE $ACE_ROOT/ace/config.h FILE: config-win32.h, ACE_USES_WCHAR,
> >> > _USE_32BIT_TIME_T 1
>
> >> > THE $ACE_ROOT/include/makeinclude/platform_macros.GNU FILE:
>
> >> > CONTENTS OF $ACE_ROOT/bin/MakeProjectCreator/config/
> >> > default.features
> >> > (used by MPC when you generate your own makefiles): MFC=0
>
> >> > AREA/CLASS/EXAMPLE AFFECTED:
> >> > TAO/IIOP_Connector, TAO/IIOP_Connection_Handler, ACE_INET_Addr
>
> >> > DOES THE PROBLEM AFFECT:
> >> > COMPILATION? no
> >> > LINKING? no
> >> > EXECUTION? yes
> >> > OTHER (please specify)?
>
> >> > SYNOPSIS:
> >> > Corrupt Data when enlarging ACE_Array_Base buffer after calling
> >> > resize
>
> >> > DESCRIPTION:
> >> > If an ACE_Vector is shrunk by calling the ACE_Array_Base<T>::resize you
> >> > will get corrupt data when the internal buffer is getting enlarged
> >> > during a later call to ACE_Vector::push_back. The problem resides in the
> >> > ACE_Array_Base class:
> >> > - resize shrinks the buffer by calling ACE_Array_Base<T>::size which sets
> >> >   the member cur_size_ to new size (array_base.cpp 199).
> >> > - if later calls to ACE_Vector::push_back cause the buffer to be
> >> >   enlarged again via ACE_Array<T>::size (vector_t.cpp 38) then not all
> >> >   data is copied to the new buffer: array_base.cpp 173
>
> >> > To sum it up: shrinking and enlarging using ACE_Array<T>::resize could
> >> > lead to corrupt data.
>
> >> > REPEAT BY:
>
> >> > SAMPLE FIX/WORKAROUND:
> >> > cur_size_ is not changed when calling push_back or pop_back, but
> >> > resize does: this leads to inconsistent members.
>
> >> > Sample Program:
>
> >> > #include <ace/OS.h>
> >> > #include <ace/Vector_T.h>
>
> >> > int
> >> > ACE_TMAIN (int argc, ACE_TCHAR **argv)
> >> > {
> >> >   int ret = 0;
>
> >> >   ACE_Vector<int> Data;
>
> >> >   // we add Data (0x20 should be enough)
> >> >   for (int i = 0; i < 31; i++)
> >> >   {
> >> >     Data.push_back(1);
> >> >   }
>
> >> >   // Data.length_ = 31
> >> >   // Data.cur_size_ = 32
> >> >   // Data.curr_max_size = 32
>
> >> >   // now we remove some elements from the end
> >> >   Data.resize(20, 0);
>
> >> >   // Data.length_ = 20
> >> >   // Data.cur_size_ = 20
> >> >   // Data.curr_max_size = 32
>
> >> >   // now we add data to force the buffer to be resized
> >> >   for (int i = 0; i < 32; i++)
> >> >   {
> >> >     // when i is 12 (buffer will be enlarged)
> >> >     Data.push_back(2);
> >> >   }
>
> >> >   // Here you should watch the buffer in your memory window
> >> >   // 0-19 should be 1
> >> >   // 20 and above should be 2
> >> >   for (int i = 0; i < Data.size(); i++)
> >> >   {
> >> >     // print each element
> >> >     ACE_DEBUG((LM_INFO, ACE_TEXT("%d\n"), Data[i]));
> >> >   }
> >> >   // but you can see that the buffer is corrupt as only 20 (Data.cur_size_)
> >> >   // elements were copied when the buffer was enlarged
>
> >> >   return ret;
> >> > }
>
> >> > brgs KH
>
> --
> Dr. Douglas C. Schmidt Professor and Associate Chair
> Electrical Engineering and Computer Science TEL: (615) 343-8197
> Vanderbilt University WEB:www.dre.vanderbilt.edu/~schmidt
> Nashville, TN 37203 NET: d.schm... at vanderbilt.edu
Hi Doug,
unfortunately I won't be able to provide a fix in the next days, as I
will be on holiday...
I'll have a closer look at the problem after my vacation, but fixing
this bug could introduce a lot of side-effects in other classes, as
ACE_Array_Base is used by so many other classes...
best regards KHW
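
The counter bookkeeping described in the quoted report, as an added example that is not part of the original post and not ACE source: a simplified model (hypothetical `ModelVector` and `mismatches`) replays the sample program, once copying `cur_size_` elements on reallocation as reported and once copying `length_` elements, which is an assumed alternative and not the project's fix. New storage is zero-filled here so the result is deterministic.

```cpp
#include <cstddef>
#include <cstdio>
#include <memory>

// Simplified model of the three counters named in the report (not ACE source).
class ModelVector {
public:
    explicit ModelVector(bool copy_length, std::size_t init = 32)
        : buf_(new int[init]()), cur_size_(init), max_size_(init),
          length_(0), copy_length_(copy_length) {}

    void push_back(int v) {
        if (length_ == max_size_) grow(max_size_ * 2);
        buf_[length_++] = v;               // cur_size_ is not updated here
    }
    void resize(std::size_t n, int fill) {
        if (n > max_size_) grow(n);
        for (std::size_t i = length_; i < n; ++i) buf_[i] = fill;
        length_ = cur_size_ = n;           // resize rewrites cur_size_ as well
    }
    std::size_t size() const { return length_; }
    int operator[](std::size_t i) const { return buf_[i]; }

private:
    void grow(std::size_t new_max) {
        std::unique_ptr<int[]> tmp(new int[new_max]());  // zero-filled (assumption)
        // Reported behaviour copies cur_size_ elements; the alternative copies length_.
        std::size_t n = copy_length_ ? length_ : cur_size_;
        for (std::size_t i = 0; i < n; ++i) tmp[i] = buf_[i];
        buf_ = std::move(tmp);
        cur_size_ = max_size_ = new_max;
    }
    std::unique_ptr<int[]> buf_;
    std::size_t cur_size_, max_size_, length_;
    bool copy_length_;
};

// Replays the sample program and counts elements that differ from what was stored.
int mismatches(bool copy_length) {
    ModelVector d(copy_length);
    for (int i = 0; i < 31; ++i) d.push_back(1);
    d.resize(20, 0);
    for (int i = 0; i < 32; ++i) d.push_back(2);
    int bad = 0;
    for (std::size_t i = 0; i < d.size(); ++i)
        if (d[i] != (i < 20 ? 1 : 2)) ++bad;
    return bad;
}

int main() {
    std::printf("copy cur_size_: %d bad, copy length_: %d bad\n",
                mismatches(false), mismatches(true));
}
```

In the model the lost elements are exactly indices 20 to 31, the ones pushed after the shrink and before the reallocation.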