[Ace-users] [tao-users] PRF: Segfault when sending too much data
Johnny Willemsen
jwillemsen at remedy.nl
Fri Nov 23 00:43:07 CST 2007
Hi,
Thanks for using the PRF form. Can you put this in bugzilla (see
http://deuce.doc.wustl.edu/bugzilla/index.cgi). Be aware that resources for
free support are really minimal at this moment, consider getting commercial
support to fix this issue, for example from Remedy IT, see www.theaceorb.nl
for our services
Regards,
Johnny Willemsen
Remedy IT
Postbus 101
2650 AC Berkel en Rodenrijs
The Netherlands
www.theaceorb.nl / www.remedy.nl
*** Integrated compile and test statistics see
http://scoreboard.theaceorb.nl ***
*** Commercial service and support for ACE/TAO/CIAO ***
*** See http://www.theaceorb.nl/en/support.html ***
"Andre Kostur" <akostur at incognito.com> wrote in message
news:<mailman.2937.1195778610.5286.tao-users at mail.cse.wustl.edu>...
TAO VERSION: 1.6.1
ACE VERSION: 5.6.1
HOST MACHINE and OPERATING SYSTEM: Xen VM of Linux/i386
v2.6.18-5-xen-vserver-686, Debian 4.0
COMPILER NAME AND VERSION (AND PATCHLEVEL): gcc version 4.1.2
20061115 (prerelease) (Debian 4.1.1-21)
THE $ACE_ROOT/ace/config.h FILE [if you use a link to a platform-
specific file, simply state which one]:
#define ACE_AS_STATIC_LIBS 1
#define TAO_AS_STATIC_LIBS 1
#define ACE_HAS_STANDARD_CPP_LIBRARY 1
#define ACE_HAS_IPV6 1
#define ACE_USES_IPV4_IPV6_MIGRATION 1
#include "ace/config-linux.h"
THE $ACE_ROOT/include/makeinclude/platform_macros.GNU FILE [if you
use a link to a platform-specific file, simply state which one
(unless this isn't used in this case, e.g., with Microsoft Visual
C++)]:
ACE_COMPONENTS=FOR_TAO
exceptions = 1
debug = 0
optimize = 1
static_libs_only = 1
xt_reactor = 0
fl_reactor = 0
ssl = 1
ipv6 = 1
zlib = 1
LDFLAGS += -L$(ACE_ROOT)/ace/$(TARGET_PLATFORM)
VDIR = .obj/$(TARGET_PLATFORM)/
INSLIB = $(ACE_ROOT)/ace/$(TARGET_PLATFORM)
include $(ACE_ROOT)/include/makeinclude/platform_linux.GNU
CONTENTS OF $ACE_ROOT/bin/MakeProjectCreator/config/default.features
(used by MPC when you generate your own makefiles):
ssl = 1
ipv6 = 1
zlib = 1
AREA/CLASS/EXAMPLE AFFECTED: TAO Block Flushing Strategy
DOES THE PROBLEM AFFECT:
COMPILATION? No
LINKING? No
On Unix systems, did you run make realclean first?
EXECUTION? Yes
OTHER (please specify)? n/a
SYNOPSIS:
Attempting to send too much data through an out parameter when
ORBFlushingStrategy is set to blocking causes a segfault.
DESCRIPTION:
Attempting to send too much data through an out parameter when
ORBFlushingStrategy is set to blocking causes a segfault.
REPEAT BY:
Code:
#include <ace/OS.h>
#include <tao/corba.h>
#include <tao/PortableServer/PortableServer.h>
#include <iostream>
#include "corbarpc/ctestS.h"
using namespace std;
class ctest_impl : public virtual POA_ctest
{
public:
CORBA::Long ctestfn(CORBA::Long size, ctest::UCSeq_out data)
{
cout << "ctestfn called for " << size << " objects" <<
endl;
data = new ctest::UCSeq;
data->length(size);
for (size_t i = 0; i < data->length(); ++i)
{
data[i] = (rand() % 26) + 'A';
}
return 0;
}
};
int main(int argc, char * argv[])
{
try
{
if ((argc == 1) || (argc > 3))
{
cout << "Server Mode" << endl;
CORBA::ORB_var orb = CORBA::ORB_init(argc, argv);
CORBA::Object_var obj =
orb->resolve_initial_references("RootPOA");
PortableServer::POA_var poa = PortableServer::POA::_narrow(obj);
PortableServer::POAManager_var mgr = poa->the_POAManager();
mgr->activate();
ctest_impl servant;
ctest_var object = servant._this();
CORBA::String_var str = orb->object_to_string(object);
cout << str << endl;
orb->run();
}
else
{
cout << "Client Mode" << endl;
CORBA::ORB_var orb = CORBA::ORB_init(argc, argv);
CORBA::Object_var obj = orb->string_to_object(argv[1]);
if (CORBA::is_nil(obj))
{
cout << "Nil reference" << endl;
return EXIT_FAILURE;
}
ctest_var ctestVar;
ctestVar = ctest::_narrow(obj);
cout << "Calling ctestfn" << endl;
ctest::UCSeq_var data;
ctestVar->ctestfn(ACE_OS::atoi(argv[2]), data);
cout << "Received " << data->length() << " bytes" << endl;
}
ACE_OS::sleep(10);
}
catch(...)
{
cout << "An exception" << endl;
}
return EXIT_SUCCESS;
}
IDL:
interface ctest {
typedef sequence<char> UCSeq;
long ctestfn(in long size, out UCSeq data);
};
Run the server as:
ctest -ORBSvcConfDirective "static Server_Strategy_Factory
\"-ORBConcurrency reactive -ORBPOALock thread
-ORBAllowReactivationOfSystemids 0\"" -ORBSvcConfDirective "static
Resource_Factory \"-ORBConnectionCacheMax 10 -ORBNativeWcharCodeSet
0x00010109 -ORBFlushingStrategy blocking\"" -ORBSvcConfDirective "static
Client_Strategy_Factory \"-ORBWaitStrategy rw -ORBTransportMuxStrategy
exclusive -ORBConnectStrategy blocked -ORBConnectionHandlerCleanup 1\""
-ORBStdProfileComponents 0 -ORBDebug -ORBDebugLevel 10
Run the client as:
ctest <IOR Shown by above server> <number of bytes>
If you run the ctest client with a value of 131368, the program executes
as expected. But if you use 131369, the server will segfault. Stack
trace as follows:
#0 0x464c5f4f in ?? ()
#1 0x0811cb28 in TAO_Block_Flushing_Strategy::flush_message ()
#2 0x080fd390 in TAO_Transport::send_reply_message_i ()
#3 0x080fdce4 in TAO_Transport::send_message_shared_i ()
#4 0x08130329 in TAO_IIOP_Transport::send_message_shared ()
#5 0x0812fec1 in TAO_IIOP_Transport::send_message ()
#6 0x080f5061 in TAO_ServerRequest::tao_send_reply ()
#7 0x0805b678 in TAO_ServantBase::synchronous_upcall_dispatch ()
#8 0x0804d861 in POA_ctest::_dispatch (this=0xbf81e0e0,
req=@0xbf81d568,
servant_upcall=0xbf81cfe4) at ctestS.cpp:765
#9 0x080756d5 in TAO_Object_Adapter::dispatch_servant ()
#10 0x08075d54 in TAO_Object_Adapter::dispatch ()
#11 0x08101e5a in TAO_Adapter_Registry::dispatch ()
#12 0x080e1674 in TAO_Request_Dispatcher::dispatch ()
#13 0x0813ab22 in TAO_GIOP_Message_Base::process_request ()
#14 0x081368e0 in TAO_GIOP_Message_Base::process_request_message ()
#15 0x080f910f in TAO_Transport::process_parsed_messages ()
#16 0x080fcc06 in TAO_Transport::handle_input_parse_data ()
#17 0x080fcdf3 in TAO_Transport::handle_input ()
#18 0x08134459 in TAO_Connection_Handler::handle_input_internal ()
#19 0x08134646 in TAO_Connection_Handler::handle_input_eh ()
#20 0x08125f1f in TAO_IIOP_Connection_Handler::handle_input ()
#21 0x08180eb0 in ACE_TP_Reactor::handle_socket_events ()
#22 0x0818122c in ACE_TP_Reactor::handle_events ()
#23 0x080ca787 in TAO_ORB_Core::run ()
#24 0x080c6ca5 in CORBA::ORB::run ()
#25 0x0804cf2f in main (argc=12, argv=0xb7e5db60) at ctest.cpp:55
The TAO logs of the failing call, starting from when the server receives
the request:
TAO (28497|3084175040) - ORB_Core::run, start [run]
TAO (28497|3084175040) - ORB_Core::run, calling handle_events()
TAO (28497|3084175040) - Transport_Cache_Manager::fill_set_i,
current_size = 0, cache_maximum = 10
TAO (28497|3084175040) - Concurrency_Strategy::activate_svc_handler,
opened as TAO_SERVER_ROLE
TAO (28497|3084175040) - IIOP_Connection_Handler::open, The local addr
is <::ffff:192.168.74.17:40394>
TAO (28497|3084175040) - IIOP_Connection_Handler::open, IIOP connection
to peer <[::ffff:192.168.75.81]:39725> on 11
TAO (28497|3084175040) - IIOP_Endpoint::set, cannot determine hostname:
No such file or directory
TAO (28497|3084175040) - Transport_Cache_Manager::bind_i: Transport[11]
;hash 1363887085
TAO (28497|3084175040) - Transport_Cache_Manager::bind_i, cache size is
[1]
TAO (28497|3084175040) - Transport[11]::register_handler
TAO (28497|3084175040) - ORB_Core::run, handle_events() returns 1
TAO (28497|3084175040) - ORB_Core::run, calling handle_events()
TAO (28497|3084175040) - Connection_Handler[11]::handle_input, handle =
11/11
TAO (28497|3084175040) - Transport[11]::handle_input
TAO (28497|3084175040) - Transport[11]::process_queue_head, 0 enqueued
TAO (28497|3084175040) - Transport[11]::handle_input_parse_data, enter
TAO (28497|3084175040) - Transport[11]::handle_input_parse_data, read 76
bytes
TAO (28497|3084175040) - GIOP_Message_State::parse_message_header_i
TAO (28497|3084175040) - GIOP_Message_State::get_version_info
TAO (28497|3084175040) - GIOP_Message_State::get_byte_order_info
TAO (28497|3084175040) - Transport[11]::process_parsed_messages,
entering (missing data == 0)
TAO (28497|3084175040) - GIOP_Message_Base::dump_msg, recv GIOP v1.2
msg, 64 data bytes, other endian, Type Request[1]
GIOP message - HEXDUMP 76 bytes
47 49 4f 50 01 02 00 00 00 00 00 40 00 00 00 01 GIOP....... at ....
03 00 00 00 00 00 00 00 00 00 00 17 14 01 0f 00 ................
52 53 54 9f 20 46 47 61 52 07 00 00 00 00 00 01 RST. FGaR.......
00 00 00 00 00 00 00 08 63 74 65 73 74 66 6e 00 ........ctestfn.
00 00 00 00 00 00 00 00 00 02 01 29 ...........)
ctestfn called for 131369 objects
TAO (28497|3084175040) - GIOP_Message_Base::dump_msg, send GIOP v1.2
msg, 131389 data bytes, my endian, Type Reply[1]
GIOP message - HEXDUMP 131401 bytes (showing first 912 bytes)
47 49 4f 50 01 02 01 01 3d 01 02 00 01 00 00 00 GIOP....=.......
00 00 00 00 00 00 00 00 00 00 00 00 29 01 02 00 ............)...
4e 57 4c 52 42 42 4d 51 42 48 43 44 41 52 5a 4f NWLRBBMQBHCDARZO
57 4b 4b 59 48 49 44 44 51 53 43 44 58 52 4a 4d WKKYHIDDQSCDXRJM
4f 57 46 52 58 53 4a 59 42 4c 44 42 45 46 53 41 OWFRXSJYBLDBEFSA
52 43 42 59 4e 45 43 44 59 47 47 58 58 50 4b 4c RCBYNECDYGGXXPKL
4f 52 45 4c 4c 4e 4d 50 41 50 51 46 57 4b 48 4f ORELLNMPAPQFWKHO
50 4b 4d 43 4f 51 48 4e 57 4e 4b 55 45 57 48 53 PKMCOQHNWNKUEWHS
51 4d 47 42 42 55 51 43 4c 4a 4a 49 56 53 57 4d QMGBBUQCLJJIVSWM
44 4b 51 54 42 58 49 58 4d 56 54 52 52 42 4c 4a DKQTBXIXMVTRRBLJ
50 54 4e 53 4e 46 57 5a 51 46 4a 4d 41 46 41 44 PTNSNFWZQFJMAFAD
52 52 57 53 4f 46 53 42 43 4e 55 56 51 48 46 46 RRWSOFSBCNUVQHFF
42 53 41 51 58 57 50 51 43 41 43 45 48 43 48 5a BSAQXWPQCACEHCHZ
56 46 52 4b 4d 4c 4e 4f 5a 4a 4b 50 51 50 58 52 VFRKMLNOZJKPQPXR
4a 58 4b 49 54 5a 59 58 41 43 42 48 48 4b 49 43 JXKITZYXACBHHKIC
51 43 4f 45 4e 44 54 4f 4d 46 47 44 57 44 57 46 QCOENDTOMFGDWDWF
43 47 50 58 49 51 56 4b 55 59 54 44 4c 43 47 44 CGPXIQVKUYTDLCGD
45 57 48 54 41 43 49 4f 48 4f 52 44 54 51 4b 56 EWHTACIOHORDTQKV
57 43 53 47 53 50 51 4f 51 4d 53 42 4f 41 47 55 WCSGSPQOQMSBOAGU
57 4e 4e 59 51 58 4e 5a 4c 47 44 47 57 50 42 54 WNNYQXNZLGDGWPBT
52 57 42 4c 4e 53 41 44 45 55 47 55 55 4d 4f 51 RWBLNSADEUGUUMOQ
43 44 52 55 42 45 54 4f 4b 59 58 48 4f 41 43 48 CDRUBETOKYXHOACH
57 44 56 4d 58 58 52 44 52 59 58 4c 4d 4e 44 51 WDVMXXRDRYXLMNDQ
54 55 4b 57 41 47 4d 4c 45 4a 55 55 4b 57 43 49 TUKWAGMLEJUUKWCI
42 58 55 42 55 4d 45 4e 4d 45 59 41 54 44 52 4d BXUBUMENMEYATDRM
59 44 49 41 4a 58 4c 4f 47 48 49 51 46 4d 5a 48 YDIAJXLOGHIQFMZH
4c 56 49 48 4a 4f 55 56 53 55 59 4f 59 50 41 59 LVIHJOUVSUYOYPAY
55 4c 59 45 49 4d 55 4f 54 45 48 5a 52 49 49 43 ULYEIMUOTEHZRIIC
46 53 4b 50 47 47 4b 42 42 49 50 5a 5a 52 5a 55 FSKPGGKBBIPZZRZU
43 58 41 4d 4c 55 44 46 59 4b 47 52 55 4f 57 5a CXAMLUDFYKGRUOWZ
47 49 4f 4f 4f 42 50 50 4c 45 51 4c 57 50 48 41 GIOOOBPPLEQLWPHA
50 4a 4e 41 44 51 48 44 43 4e 56 57 44 54 58 4a PJNADQHDCNVWDTXJ
42 4d 59 50 50 50 48 41 55 58 4e 53 50 55 53 47 BMYPPPHAUXNSPUSG
44 48 49 49 58 51 4d 42 46 4a 58 4a 43 56 55 44 DHIIXQMBFJXJCVUD
4a 53 55 59 49 42 59 45 42 4d 57 53 49 51 59 4f JSUYIBYEBMWSIQYO
59 47 59 58 59 4d 5a 45 56 59 50 5a 56 4a 45 47 YGYXYMZEVYPZVJEG
45 42 45 4f 43 46 55 46 54 53 58 44 49 58 54 49 EBEOCFUFTSXDIXTI
47 53 49 45 45 48 4b 43 48 5a 44 46 4c 49 4c 52 GSIEEHKCHZDFLILR
4a 51 46 4e 58 5a 54 51 52 53 56 42 53 50 4b 59 JQFNXZTQRSVBSPKY
48 53 45 4e 42 50 50 4b 51 54 50 44 44 42 55 4f HSENBPPKQTPDDBUO
54 42 42 51 43 57 49 56 52 46 58 4a 55 4a 4a 44 TBBQCWIVRFXJUJJD
44 4e 54 47 45 49 51 56 44 47 41 49 4a 56 57 43 DNTGEIQVDGAIJVWC
59 41 55 42 57 45 57 50 4a 56 59 47 45 48 4c 4a YAUBWEWPJVYGEHLJ
58 45 50 42 50 49 57 55 51 5a 44 5a 55 42 44 55 XEPBPIWUQZDZUBDU
42 5a 56 41 46 53 50 51 50 51 57 55 5a 49 46 57 BZVAFSPQPQWUZIFW
4f 56 59 44 44 57 59 56 56 42 55 52 43 5a 4d 47 OVYDDWYVVBURCZMG
59 4a 47 46 44 58 56 54 4e 55 4e 4e 45 53 4c 53 YJGFDXVTNUNNESLS
50 4c 57 55 49 55 50 46 58 4c 5a 42 4b 4e 48 4b PLWUIUPFXLZBKNHK
57 50 50 41 4e 4c 54 43 46 49 52 4a 43 44 44 53 WPPANLTCFIRJCDDS
4f 5a 4f 59 56 45 47 55 52 46 57 43 53 46 4d 4f OZOYVEGURFWCSFMO
58 45 51 4d 52 4a 4f 57 52 47 48 57 4c 4b 4f 42 XEQMRJOWRGHWLKOB
4d 45 41 48 4b 47 43 43 4e 41 45 48 48 53 56 45 MEAHKGCCNAEHHSVE
59 4d 51 50 58 48 4c 52 4e 55 4e 59 46 44 5a 52 YMQPXHLRNUNYFDZR
48 42 41 53 4a 45 55 59 47 41 46 4f 55 42 55 54 HBASJEUYGAFOUBUT
50 4e 49 4d 55 57 46 4a 51 53 4a 58 56 4b 51 44 PNIMUWFJQSJXVKQD
4f 52 58 58 56 52 57 43 54 44 53 4e 45 4f 47 56 ORXXVRWCTDSNEOGV
42 50 4b 58 4c 50 47 44 49 52 42 46 43 52 49 51 BPKXLPGDIRBFCRIQ
TAO (28497|3084175040) - Transport[11]::cleanup_queue, byte_count =
131400
TAO (28497|3084175040) - Transport[11]::cleanup_queue, after transfer,
bc = 0, all_sent = 0, ml = 1
TAO (28497|3084175040) - Transport[11]::drain_queue_helper, byte_count =
131400, head_is_empty = 0
TAO (28497|3084175040) - Transport[11]::drain_queue_i, helper retval = 1
TAO (28497|3084175040) - Transport[11]::send_reply_message_i, preparing
to add to queue before leaving
TAO (28497|3084175040) - Transport[11]::handle_output
TAO (28497|3084175040) - Transport[11]::cleanup_queue, byte_count = 1
TAO (28497|3084175040) - Transport[11]::cleanup_queue, after transfer,
bc = 0, all_sent = 1, ml = 0
TAO (28497|3084175040) - Transport[11]::drain_queue_helper, byte_count =
1, head_is_empty = 1
TAO (28497|3084175040) - Transport[11]::drain_queue_i, helper retval = 1
TAO (28497|3084175040) - Transport[11]::handle_output, drain_queue
returns 0/12
The data contents are OK, it's random text data. The client reports
success in receiving the data, but the server crashes. With one byte
less of data, it results in the initial transmission of 131400 bytes,
and the system doesn't have to loop to send the remainder of the data,
and the server works. 131401 bytes to send, it sends the first 131400,
eventually is able to send the last byte of data, and then crashes.
Regards,
Andre Kostur
Incognito Software Inc.
Senior Software Design Engineer
T: +1(604)678-2864
F: +1(604)688-4339
E: akostur at incognito.com
www.incognito.com
----------
More information about the Ace-users
mailing list