[Ace-users] Corrupt data after calling ACE_Vector<T>::resize

Karl-Heinz wind at itq.de
Fri Nov 16 07:41:57 CST 2007 

On 14 Nov., 17:45, schm... at dre.vanderbilt.edu (Douglas C. Schmidt)
wrote:
> Hi Karl-Heinz,
>
> >Ok I added a bug (3152) and attached a Vector_Test.cpp 5.6.1.
> >The test crashes as expected.
>
> Thanks, this is very helpful.  If you have a suggested patch that
> fixes this problem please let us know!
>
> Doug
>
>
>
>
>
>
>
> >On 14 Nov., 14:19, "Johnny Willemsen" <jwillem... at remedy.nl> wrote:
> >> Hi,
>
> >> Thanks for using the PRF form. Can you download x.6.1 and then extend the
> >> test ACE_wrappers/tests/Vector_Test.cpp to reproduce this issue? If you c=
> >an
> >> provide a patch it would be great, after that please put both together in
> >> bugzilla (seehttp://deuce.doc.wustl.edu/bugzilla/index.cgi)
>
> >> Regards,
>
> >> Johnny Willemsen
> >> Remedy IT
> >> Postbus 101
> >> 2650 AC  Berkel en Rodenrijs
> >> The Netherlandswww.theaceorb.nl/www.remedy.nl=20
>
> >> *** Integrated compile and test statistics seehttp://scoreboard.theaceorb=
> >.nl***
> >> *** Commercial service and support for ACE/TAO/CIAO             ***
> >> *** Seehttp://www.theaceorb.nl/en/support.html               ***
>
> >> "Karl-Heinz" <w... at itq.de> wrote in message
>
> >> <news:1195044578.729455.257830 at o80g2000hse.googlegroups.com>...
>
> >> 8<----------8<----------8<----------8<----------8<----------8<----------8=
> ><-=AD-
> >> --
>
> >> >     ACE VERSION: 5.5.8
>
> >> >     HOST MACHINE and OPERATING SYSTEM:
> >> >         PC, Windows XP, VC8
>
> >> >     TARGET MACHINE and OPERATING SYSTEM, if different from HOST:
> >> >     COMPILER NAME AND VERSION (AND PATCHLEVEL):
>
> >> >     THE $ACE_ROOT/ace/config.h FILE: config-win32.h, ACE_USES_WCHAR,
> >> >     _USE_32BIT_TIME_T 1
>
> >> >     THE $ACE_ROOT/include/makeinclude/platform_macros.GNU FILE:
>
> >> >     CONTENTS OF $ACE_ROOT/bin/MakeProjectCreator/config/
> >> > default.features
> >> >     (used by MPC when you generate your own makefiles): MFC=3D0
>
> >> >     AREA/CLASS/EXAMPLE AFFECTED:
> >> >     TAO/IIOP_Connector, TAO/IIOP_Connection_Handler, ACE_INET_Addr
>
> >> >     DOES THE PROBLEM AFFECT:
> >> >         COMPILATION? no
> >> >         LINKING? no
> >> >         EXECUTION? yes
> >> >         OTHER (please specify)?
>
> >> >     SYNOPSIS:
> >> >     Corrupt Data when enlarging ACE_Array_Base buffer after calling
> >> > resize
>
> >> >     DESCRIPTION:
> >> >     If an ACE_Vector is shrinked by calling the
> >> > ACE_Array_Base<T>::resize you
> >> >     will get corrupt data when the internal buffer is getting enlarged
> >> > during
> >> >     a later call to ACE_Vector::push_back. The problem resides in the
> >> >     ACE_Array_Base class:
> >> >     - resize shrinks the buffer by calling ACE_Array_Base<T>::size
> >> > which sets
> >> >       the member cur_size_ to new size (array_base.cpp 199).
> >> >     - if later calls to ACE_Vector::push_back cause the buffer the be
> >> >       enlarged again via ACE_Array<T>::size (vector_t.cpp 38) then not
> >> > all
> >> >       data is copied to the new buffer: array_base.cpp 173
>
> >> >     To sum it up: shrinking and enlarging using ACE_Array<T>::resize
> >> > could
> >> >     lead to corrupt data.
>
> >> >     REPEAT BY:
>
> >> >     SAMPLE FIX/WORKAROUND:
> >> >     cur_size_ is not changed when calling push_back or pop_back, but
> >> >     resize does: this leads to inconsistent members.
>
> >> >     Sample Program:
>
> >> >     #include <ace/OS.h>
> >> >     #include <ace/Vector_T.h>
>
> >> > int
> >> > ACE_TMAIN (int argc, ACE_TCHAR **argv)
> >> > {
> >> >     int ret =3D 0;
>
> >> >     ACE_Vector<int> Data;
>
> >> >     // we add Data (0x20 should be enough)
> >> >     for(int i=3D0; i<31; i++)
> >> >     {
> >> >         Data.push_back(1);
> >> >     }
>
> >> >     // Data.length_         =3D 31
> >> >     // Data.cur_size_       =3D 32
> >> >     // Data.curr_max_size   =3D 32
>
> >> >     // now we remove some elements from the end
> >> >     Data.resize(20, 0);
>
> >> >     // Data.length_         =3D 20
> >> >     // Data.cur_size_       =3D 20
> >> >     // Data.curr_max_size   =3D 32
>
> >> >     // now we add data to force the buffer to be resized
> >> >     for(int i=3D0; i<32; i++)
> >> >     {
> >> >         // when i is 12 (buffer will be enlarged)
> >> >         Data.push_back(2);
> >> >     }
>
> >> >     // Here you should watch the buffer in your memory window
> >> >     // 0-19 should be 1
> >> >     // 20 and above should be 2
> >> >     for(int i=3D0; i<Data.size(); i++)
> >> >     {
> >> >         // when i is 12 (buffer will be enlarged)
> >> >         ACE_DEBUG((LM_INFO, ACE_TEXT("%d\n"), Data[i] ));
> >> >     }
> >> >     // but you can see that the buffer is corrupt as only 20
> >> > (Data.cur_size_)
> >> >     // elements were copied when the buffer was enlarged
>
> >> >     return ret;
> >> > }
>
> >> > brgs KH- Zitierten Text ausblenden -
>
> >> - Zitierten Text anzeigen -
>
> --
> Dr. Douglas C. Schmidt                       Professor and Associate Chair
> Electrical Engineering and Computer Science  TEL: (615) 343-8197
> Vanderbilt University                        WEB:www.dre.vanderbilt.edu/~schmidt
> Nashville, TN 37203                          NET: d.schm... at vanderbilt.edu- Zitierten Text ausblenden -
>
> - Zitierten Text anzeigen -

I finally managed to have a look at the problem and
attached a patch to bug 3152: pop_back and push_back are modified
Please have a look at my changes... note that the bug is still set to
NEW
as I didn't know what to do with this....
/KHW

More information about the Ace-users mailing list