[omniORB] Memory leaks and array bound read/write errors in omniORB 3.0.4
Venkateswara Rao Kanaparthi
kvrao@winphoria.com
Thu Jul 25 15:10:02 2002
Hello,
Update to my earlier posting.
We could fix all the memory leaks which I reported earlier.
We needed to do some code changes. Sorry for reporting them.
However we are still getting other errors.
Regards,
KV
Venkateswara Rao Kanaparthi wrote:
> Hello,
>
> We have developed a CORBA server using omniORB (3.0.4).
>
> Upon running the purified process we came across the following errors
> (lots of them):
>
> "UMR: Uninitialized memory read",
> "BSW: Beyond stack write error"
> "ABR: Array bounds read" and
> "ABW: Array bounds write"
>
> mostly in,
>
> omni_condition::wait()
> omni_semaphore::wait() and
> omni_semaphore::post().
>
> In addition to the above we observed lots of Memory leaks too in
>
> CORBA::UnMarshalObjRef(const char*,NetBufferedStream&) [libomniORB3.a]
> and in
> omni::createObjRef()
>
> Could someone help us in fixing the above? Any hints of why these are
> coming and how they could be fixed? Are these errors already fixed in
> later versions?
>
>
> Please let me know if I am missing something.
>
> I am copying the purify log below for reference.
>
> Thanks in advance for any hints/help.
> KV
>
>
> ==============================================================
> Details in brief:
>
> omniORB 3.0.4
> gcc version 2.95.2 19991024 (release)
> SunOS master 5.8 Generic_108528-14 sun4u sparc SUNW,Ultra-250
> ==============================================================
>
>
> [ ........ PURIFY LOG ........]
>
>
> Purify instrumented parlay_cps (pid 22416 at Wed Jul 24 17:33:39
> 2002)
> Purify 5.3 Solaris 2 (32-bit), Copyright (C) 1992-2001 Rational
> Software Corp. All rights reserved.
> For contact information type: "purify -help"
> For TTY output, use the option "-windows=no"
> Options settings: -max_threads=40 -max_threads=40 -max_threads=40
> -purify \
> -purify-home=/opt/rational/releases/purify-5.3-solaris2 \
> -ignore-signals=SIGSEGV -check-mmaps=no -search-mmaps=yes
> -threads=yes \
> -use-internal-locks=yes -thread_stack_change=0x4000
> -mt_safe_malloc=yes
> License successfully checked out.
> Command-line: ./parlay_cps PS01 -ORBInitRef \
> NameService=corbaname::10.50.1.18 -nm 10.50.1.18 file
> -loglevel 191 \
> -nonetlog
>
>
> UMR: Uninitialized memory read
> This is occurring while in thread 7:
> mutex_unlock [libthread.so.1]
> pthread_cond_wait [libthread.so.1]
> omni_condition::wait() [libomnithread.a]
> omniORB_Ripper::run_undetached(void*) [libomniORB3.a]
> omni_thread_wrapper [libomnithread.a]
> _thread_start [libthread.so.1]
> Reading 4 bytes from 0x141fc84 in the heap (2 bytes at 0x141fc85
> uninit).
> Address 0x141fc84 is 76 bytes into a malloc'd block at 0x141fc38
> of 120 bytes.
> This block was allocated from:
> malloc [rtlib.o]
> __bUiLtIn_nEw [new1.cc:84]
> __builtin_new [rtlib.o]
> omni_strand_initialiser::attach() [libomniORB3.a]
> CORBA::ORB_init(int&,char**,const char*) [libomniORB3.a]
> main [parlay_cps.cc:28]
>
>
> BSW: Beyond stack write error
> This is occurring while in:
> _flush_store [libthread.so.1]
> cond_wait [libthread.so.1]
> pthread_cond_wait [libthread.so.1]
> omni_condition::wait() [libomnithread.a]
> omniOrbORB::run() [libomniORB3.a]
> main [parlay_cps.cc:52]
> Writing 1 byte to 0xffbee90c.
> Stack pointer 0xffbee91
>
> ABR: Array bounds read (2 times)
> This is occurring while in thread 18:
> omni_semaphore::wait() [libomnithread.a]
> wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned
> int,unsigned char) [wms_GS.cc:126]
>
> wms_CallControlManager_i::enableCallNotification(org::parlay::services::callcontrol::_objref_IpAppCallControlManager*,const
> org::parlay::services::callcontrol::TpCallEventCriteria&,long&)
> [wms_GCCS.cc:270]
>
> org::parlay::services::callcontrol::_impl_IpCallControlManager::_dispatch(GIOP_S&)
> [ParlayCallControl_GCCS_IFSK.cc:724]
>
> org::parlay::services::callcontrol::_impl_IpMultiPartyCallControlManager::_dispatch(GIOP_S&)
> [ParlayCallControl_MPCCS_IFSK.cc:180]
> omniOrbPOA::dispatch(GIOP_S&,omniLocalIdentity*)
> [libomniORB3.a]
> Reading 4 bytes from 0x5e3d08 in the heap.
> Address 0x5e3d08 is 1 byte past end of a malloc'd block at
> 0x5e3cd8 of 48 bytes.
> This block was allocated from thread 18:
> malloc [rtlib.o]
> __bUiLtIn_nEw [new1.cc:84]
> __builtin_new [rtlib.o]
> wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned
> int,unsigned char) [wms_GS.cc:105]
>
> wms_CallControlManager_i::enableCallNotification(org::parlay::services::callcontrol::_objref_IpAppCallControlManager*,const
> org::parlay::services::callcontrol::TpCallEventCriteria&,long&)
> [wms_GCCS.cc:270]
>
> org::parlay::services::callcontrol::_impl_IpCallControlManager::_dispatch(GIOP_S&)
> [ParlayCallControl_GCCS_IFSK.cc:724]
>
> ABR: Array bounds read (10 times)
> This is occurring while in thread 15:
> omni_semaphore::post() [libomnithread.a]
> wms_Parlay_Service_i::recvdMapResponse(int,void*,void*)
> [wms_GS.cc:184]
> MapParseRRLIndic [map_receive.c:1070]
> Mapsend_from_tcap2Ex [map_receive.c:208]
> Mapsend_from_tcap1 [map_receive.c:97]
> is41_received_tcap_message [IS41_nim_handler.c:727]
> Reading 4 bytes from 0x5e3d08 in the heap.
> Address 0x5e3d08 is 1 byte past end of a malloc'd block at
> 0x5e3cd8 of 48 bytes.
> This block was allocated from thread 18:
> malloc [rtlib.o]
> __bUiLtIn_nEw [new1.cc:84]
> __builtin_new [rtlib.o]
> wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned
> int,unsigned char) [wms_GS.cc:105]
>
> wms_CallControlManager_i::enableCallNotification(org::parlay::services::callcontrol::_objref_IpAppCallControlManager*,const
> org::parlay::services::callcontrol::TpCallEventCriteria&,long&)
> [wms_GCCS.cc:270]
>
> org::parlay::services::callcontrol::_impl_IpCallControlManager::_dispatch(GIOP_S&)
> [ParlayCallControl_GCCS_IFSK.cc:724]
>
> ABW: Array bounds write
> This is occurring while in thread 18:
> omni_semaphore??? [libomnithread.a]
> wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned
> int,unsigned char) [wms_GS.cc:105]
>
> getCallLegs__20wms_MultiPartyCall_ilGQ53org6parlay8services11callcontrol26TpCallLegIdentifierSet_out
> [wms_MPCall.cc:144]
>
> org::parlay::services::callcontrol::_impl_IpMultiPartyCall::_dispatch(GIOP_S&)
> [ParlayCallControl_MPCCS_IFSK.cc:711]
> omniOrbPOA::dispatch(GIOP_S&,omniLocalIdentity*)
> [libomniORB3.a]
> omniLocalIdentity::dispatch(GIOP_S&) [libomniORB3.a]
> Writing 4 bytes to 0x5ed958 in the heap.
> Address 0x5ed958 is 1 byte past end of a malloc'd block at
> 0x5ed928 of 48 bytes.
> This block was allocated from thread 18:
> malloc [rtlib.o]
> __bUiLtIn_nEw [new1.cc:84]
> __builtin_new [rtlib.o]
> wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned
> int,unsigned char) [wms_GS.cc:105]
>
> getCallLegs__20wms_MultiPartyCall_ilGQ53org6parlay8services11callcontrol26TpCallLegIdentifierSet_out
> [wms_MPCall.cc:144]
>
> org::parlay::services::callcontrol::_impl_IpMultiPartyCall::_dispatch(GIOP_S&)
> [ParlayCallControl_MPCCS_IFSK.cc:711]
>
> ABW: Array bounds write
> This is occurring while in thread 18:
> omni_semaphore??? [libomnithread.a]
> wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned
> int,unsigned char) [wms_GS.cc:105]
> wms_Call_i::release(long,const
> org::parlay::services::callcontrol::TpCallReleaseCause&)
> [wms_Call.cc:696]
>
> org::parlay::services::callcontrol::_impl_IpCall::_dispatch(GIOP_S&)
> [ParlayCallControl_GCCS_IFSK.cc:2294]
>
> org::parlay::services::callcontrol::_impl_IpMultiPartyCall::_dispatch(GIOP_S&)
> [ParlayCallControl_MPCCS_IFSK.cc:803]
> omniOrbPOA::dispatch(GIOP_S&,omniLocalIdentity*)
> [libomniORB3.a]
> Writing 4 bytes to 0x1640a08 in the heap.
> Address 0x1640a08 is 1 byte past end of a malloc'd block at
> 0x16409d8 of 48 bytes.
> This block was allocated from thread 18:
> malloc [rtlib.o]
> __bUiLtIn_nEw [new1.cc:84]
> __builtin_new [rtlib.o]
> wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned
> int,unsigned char) [wms_GS.cc:105]
> wms_Call_i::release(long,const
> org::parlay::services::callcontrol::TpCallReleaseCause&)
> [wms_Call.cc:696]
>
> org::parlay::services::callcontrol::_impl_IpCall::_dispatch(GIOP_S&)
> [ParlayCallControl_GCCS_IFSK.cc:2294]
>
> ABW: Array bounds write
> This is occurring while in thread 18:
> omni_semaphore::wait() [libomnithread.a]
> wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned
> int,unsigned char) [wms_GS.cc:126]
> wms_Call_i::release(long,const
> org::parlay::services::callcontrol::TpCallReleaseCause&)
> [wms_Call.cc:696]
>
> org::parlay::services::callcontrol::_impl_IpCall::_dispatch(GIOP_S&)
> [ParlayCallControl_GCCS_IFSK.cc:2294]
>
> org::parlay::services::callcontrol::_impl_IpMultiPartyCall::_dispatch(GIOP_S&)
> [ParlayCallControl_MPCCS_IFSK.cc:803]
> omniOrbPOA::dispatch(GIOP_S&,omniLocalIdentity*)
> [libomniORB3.a]
> Writing 4 bytes to 0x1640a08 in the heap.
> Address 0x1640a08 is 1 byte past end of a malloc'd block at
> 0x16409d8 of 48 bytes.
> This block was allocated from thread 18:
> malloc [rtlib.o]
> __bUiLtIn_nEw [new1.cc:84]
> __builtin_new [rtlib.o]
> wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned
> int,unsigned char) [wms_GS.cc:105]
> wms_Call_i::release(long,const
> org::parlay::services::callcontrol::TpCallReleaseCause&)
> [wms_Call.cc:696]
>
> org::parlay::services::callcontrol::_impl_IpCall::_dispatch(GIOP_S&)
> [ParlayCallControl_GCCS_IFSK.cc:2294]
> ABW: Array bounds write
> This is occurring while in thread 18:
> omni_semaphore??? [libomnithread.a]
> wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned
> int,unsigned char) [wms_GS.cc:105]
> wms_CallControlManager_i::disableCallNotification(long)
> [wms_GCCS.cc:366]
>
> org::parlay::services::callcontrol::_impl_IpCallControlManager::_dispatch(GIOP_S&)
> [ParlayCallControl_GCCS_IFSK.cc:769]
>
> org::parlay::services::callcontrol::_impl_IpMultiPartyCallControlManager::_dispatch(GIOP_S&)
> [ParlayCallControl_MPCCS_IFSK.cc:180]
> omniOrbPOA::dispatch(GIOP_S&,omniLocalIdentity*)
> [libomniORB3.a]
> Writing 4 bytes to 0x5e14e0 in the heap.
> Address 0x5e14e0 is 1 byte past end of a malloc'd block at
> 0x5e14b0 of 48 bytes.
> This block was allocated from thread 18:
> malloc [rtlib.o]
> __bUiLtIn_nEw [new1.cc:84]
> __builtin_new [rtlib.o]
> wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned
> int,unsigned char) [wms_GS.cc:105]
> wms_CallControlManager_i::disableCallNotification(long)
> [wms_GCCS.cc:366]
>
> org::parlay::services::callcontrol::_impl_IpCallControlManager::_dispatch(GIOP_S&)
> [ParlayCallControl_GCCS_IFSK.cc:769]
>
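
Added triage example (not part of the original post, and not omniORB or Purify code): it parses ABR/ABW records like the ones quoted above, undoes the quoting and mail wrapping, and groups each report by the first non-allocator frame of the allocating stack together with the access offset into the block. The `triage` function and the `SAMPLE` excerpt, abridged from the log above, are constructed for this illustration.

```python
import re
from collections import defaultdict

# Two records abridged from the Purify log quoted above; the "> " quoting and
# the mail client's line wrapping are kept so the parser has to undo them.
SAMPLE = """\
> ABR: Array bounds read (2 times)
> omni_semaphore::wait() [libomnithread.a]
> wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned
> int,unsigned char) [wms_GS.cc:126]
> Reading 4 bytes from 0x5e3d08 in the heap.
> Address 0x5e3d08 is 1 byte past end of a malloc'd block at
> 0x5e3cd8 of 48 bytes.
> This block was allocated from thread 18:
> malloc [rtlib.o]
> __bUiLtIn_nEw [new1.cc:84]
> wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned
> int,unsigned char) [wms_GS.cc:105]
>
> ABW: Array bounds write
> omni_semaphore??? [libomnithread.a]
> Writing 4 bytes to 0x5ed958 in the heap.
> Address 0x5ed958 is 1 byte past end of a malloc'd block at
> 0x5ed928 of 48 bytes.
> This block was allocated from thread 18:
> __builtin_new [rtlib.o]
> wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned
> int,unsigned char) [wms_GS.cc:105]
"""

RECORD = re.compile(r"(?=\b(?:ABR|ABW|UMR|BSW): )")   # start of each report
ACCESS = re.compile(r"(?:Reading|Writing) (\d+) bytes? (?:from|to) (0x[0-9a-f]+)")
BLOCK = re.compile(r"malloc'd block at (0x[0-9a-f]+) of (\d+) bytes")
FRAME = re.compile(r"\[([^\]]+)\]")                   # "[file:line]" or "[lib]"
ALLOCATOR = {"rtlib.o", "new1.cc:84"}                 # operator new / malloc frames

def triage(log):
    """Map allocation site -> [(kind, offset into block, bytes past its end)]."""
    text = " ".join(l.lstrip("> ").strip() for l in log.splitlines())
    sites = defaultdict(list)
    for rec in RECORD.split(text):
        acc, blk = ACCESS.search(rec), BLOCK.search(rec)
        if not (acc and blk):
            continue                                  # preamble, or no heap block
        frames = FRAME.findall(rec.partition("allocated from")[2])
        site = next((f for f in frames if f not in ALLOCATOR), "?")
        offset = int(acc[2], 16) - int(blk[1], 16)
        sites[site].append((rec[:3], offset, offset + int(acc[1]) - int(blk[2])))
    return dict(sites)
```

On the two excerpted records, both 4-byte accesses start at offset 48 of a 48-byte block that was allocated at `wms_GS.cc:105`, so that `new` expression is the first line to inspect.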