[omniORB] Memory leaks and array bound read/write errors in omniORB 3.0.4
Venkateswara Rao Kanaparthi
kvrao@winphoria.com
Fri Jul 26 13:41:01 2002
>
>
>What other errors?
>
I have reported these in my earlier posting too.
We came across the following errors:
"UMR: Uninitialized memory read",
"BSW: Beyond stack write error"
"ABR: Array bounds read" and
"ABW: Array bounds write"
mostly in,
omni_condition::wait()
omni_semaphore::wait() and
omni_semaphore::post().
I am copying the purify log below for reference.
Thanks in advance for any hints/help.
KV
==============================================================
Details in brief:
omniORB 3.0.4
gcc version 2.95.2 19991024 (release)
SunOS master 5.8 Generic_108528-14 sun4u sparc SUNW,Ultra-250
==============================================================
[ ........ PURIFY LOG ........]
Purify instrumented parlay_cps (pid 22416 at Wed Jul 24 17:33:39 2002)
Purify 5.3 Solaris 2 (32-bit), Copyright (C) 1992-2001 Rational
Software Corp. All rights reserved.
For contact information type: "purify -help"
For TTY output, use the option "-windows=no"
Options settings: -max_threads=40 -max_threads=40 -max_threads=40
-purify \
-purify-home=/opt/rational/releases/purify-5.3-solaris2 \
-ignore-signals=SIGSEGV -check-mmaps=no -search-mmaps=yes
-threads=yes \
-use-internal-locks=yes -thread_stack_change=0x4000
-mt_safe_malloc=yes
License successfully checked out.
Command-line: ./parlay_cps PS01 -ORBInitRef \
NameService=corbaname::10.50.1.18 -nm 10.50.1.18 file -loglevel
191 \
-nonetlog
UMR: Uninitialized memory read
This is occurring while in thread 7:
mutex_unlock [libthread.so.1]
pthread_cond_wait [libthread.so.1]
omni_condition::wait() [libomnithread.a]
omniORB_Ripper::run_undetached(void*) [libomniORB3.a]
omni_thread_wrapper [libomnithread.a]
_thread_start [libthread.so.1]
Reading 4 bytes from 0x141fc84 in the heap (2 bytes at 0x141fc85
uninit).
Address 0x141fc84 is 76 bytes into a malloc'd block at 0x141fc38 of
120 bytes.
This block was allocated from:
malloc [rtlib.o]
__bUiLtIn_nEw [new1.cc:84]
__builtin_new [rtlib.o]
omni_strand_initialiser::attach() [libomniORB3.a]
CORBA::ORB_init(int&,char**,const char*) [libomniORB3.a]
main [parlay_cps.cc:28]
BSW: Beyond stack write error
This is occurring while in:
_flush_store [libthread.so.1]
cond_wait [libthread.so.1]
pthread_cond_wait [libthread.so.1]
omni_condition::wait() [libomnithread.a]
omniOrbORB::run() [libomniORB3.a]
main [parlay_cps.cc:52]
Writing 1 byte to 0xffbee90c.
Stack pointer 0xffbee91
ABR: Array bounds read (2 times)
This is occurring while in thread 18:
omni_semaphore::wait() [libomnithread.a]
wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned
int,unsigned char) [wms_GS.cc:126]
wms_CallControlManager_i::enableCallNotification(org::parlay::services::callcontrol::_objref_IpAppCallControlManager*,const
org::parlay::services::callcontrol::TpCallEventCriteria&,long&)
[wms_GCCS.cc:270]
org::parlay::services::callcontrol::_impl_IpCallControlManager::_dispatch(GIOP_S&)
[ParlayCallControl_GCCS_IFSK.cc:724]
org::parlay::services::callcontrol::_impl_IpMultiPartyCallControlManager::_dispatch(GIOP_S&)
[ParlayCallControl_MPCCS_IFSK.cc:180]
omniOrbPOA::dispatch(GIOP_S&,omniLocalIdentity*) [libomniORB3.a]
Reading 4 bytes from 0x5e3d08 in the heap.
Address 0x5e3d08 is 1 byte past end of a malloc'd block at 0x5e3cd8
of 48 bytes.
This block was allocated from thread 18:
malloc [rtlib.o]
__bUiLtIn_nEw [new1.cc:84]
__builtin_new [rtlib.o]
wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned
int,unsigned char) [wms_GS.cc:105]
wms_CallControlManager_i::enableCallNotification(org::parlay::services::callcontrol::_objref_IpAppCallControlManager*,const
org::parlay::services::callcontrol::TpCallEventCriteria&,long&)
[wms_GCCS.cc:270]
org::parlay::services::callcontrol::_impl_IpCallControlManager::_dispatch(GIOP_S&)
[ParlayCallControl_GCCS_IFSK.cc:724]
ABR: Array bounds read (10 times)
This is occurring while in thread 15:
omni_semaphore::post() [libomnithread.a]
wms_Parlay_Service_i::recvdMapResponse(int,void*,void*)
[wms_GS.cc:184]
MapParseRRLIndic [map_receive.c:1070]
Mapsend_from_tcap2Ex [map_receive.c:208]
Mapsend_from_tcap1 [map_receive.c:97]
is41_received_tcap_message [IS41_nim_handler.c:727]
Reading 4 bytes from 0x5e3d08 in the heap.
Address 0x5e3d08 is 1 byte past end of a malloc'd block at 0x5e3cd8
of 48 bytes.
This block was allocated from thread 18:
malloc [rtlib.o]
__bUiLtIn_nEw [new1.cc:84]
__builtin_new [rtlib.o]
wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned
int,unsigned char) [wms_GS.cc:105]
wms_CallControlManager_i::enableCallNotification(org::parlay::services::callcontrol::_objref_IpAppCallControlManager*,const
org::parlay::services::callcontrol::TpCallEventCriteria&,long&)
[wms_GCCS.cc:270]
org::parlay::services::callcontrol::_impl_IpCallControlManager::_dispatch(GIOP_S&)
[ParlayCallControl_GCCS_IFSK.cc:724]
ABW: Array bounds write
This is occurring while in thread 18:
omni_semaphore??? [libomnithread.a]
wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned
int,unsigned char) [wms_GS.cc:105]
getCallLegs__20wms_MultiPartyCall_ilGQ53org6parlay8services11callcontrol26TpCallLegIdentifierSet_out
[wms_MPCall.cc:144]
org::parlay::services::callcontrol::_impl_IpMultiPartyCall::_dispatch(GIOP_S&)
[ParlayCallControl_MPCCS_IFSK.cc:711]
omniOrbPOA::dispatch(GIOP_S&,omniLocalIdentity*) [libomniORB3.a]
omniLocalIdentity::dispatch(GIOP_S&) [libomniORB3.a]
Writing 4 bytes to 0x5ed958 in the heap.
Address 0x5ed958 is 1 byte past end of a malloc'd block at 0x5ed928
of 48 bytes.
This block was allocated from thread 18:
malloc [rtlib.o]
__bUiLtIn_nEw [new1.cc:84]
__builtin_new [rtlib.o]
wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned
int,unsigned char) [wms_GS.cc:105]
getCallLegs__20wms_MultiPartyCall_ilGQ53org6parlay8services11callcontrol26TpCallLegIdentifierSet_out
[wms_MPCall.cc:144]
org::parlay::services::callcontrol::_impl_IpMultiPartyCall::_dispatch(GIOP_S&)
[ParlayCallControl_MPCCS_IFSK.cc:711]
ABW: Array bounds write
This is occurring while in thread 18:
omni_semaphore??? [libomnithread.a]
wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned
int,unsigned char) [wms_GS.cc:105]
wms_Call_i::release(long,const
org::parlay::services::callcontrol::TpCallReleaseCause&) [wms_Call.cc:696]
org::parlay::services::callcontrol::_impl_IpCall::_dispatch(GIOP_S&)
[ParlayCallControl_GCCS_IFSK.cc:2294]
org::parlay::services::callcontrol::_impl_IpMultiPartyCall::_dispatch(GIOP_S&)
[ParlayCallControl_MPCCS_IFSK.cc:803]
omniOrbPOA::dispatch(GIOP_S&,omniLocalIdentity*) [libomniORB3.a]
Writing 4 bytes to 0x1640a08 in the heap.
Address 0x1640a08 is 1 byte past end of a malloc'd block at
0x16409d8 of 48 bytes.
This block was allocated from thread 18:
malloc [rtlib.o]
__bUiLtIn_nEw [new1.cc:84]
__builtin_new [rtlib.o]
wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned
int,unsigned char) [wms_GS.cc:105]
wms_Call_i::release(long,const
org::parlay::services::callcontrol::TpCallReleaseCause&) [wms_Call.cc:696]
org::parlay::services::callcontrol::_impl_IpCall::_dispatch(GIOP_S&)
[ParlayCallControl_GCCS_IFSK.cc:2294]
ABW: Array bounds write
This is occurring while in thread 18:
omni_semaphore::wait() [libomnithread.a]
wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned
int,unsigned char) [wms_GS.cc:126]
wms_Call_i::release(long,const
org::parlay::services::callcontrol::TpCallReleaseCause&) [wms_Call.cc:696]
org::parlay::services::callcontrol::_impl_IpCall::_dispatch(GIOP_S&)
[ParlayCallControl_GCCS_IFSK.cc:2294]
org::parlay::services::callcontrol::_impl_IpMultiPartyCall::_dispatch(GIOP_S&)
[ParlayCallControl_MPCCS_IFSK.cc:803]
omniOrbPOA::dispatch(GIOP_S&,omniLocalIdentity*) [libomniORB3.a]
Writing 4 bytes to 0x1640a08 in the heap.
Address 0x1640a08 is 1 byte past end of a malloc'd block at
0x16409d8 of 48 bytes.
This block was allocated from thread 18:
malloc [rtlib.o]
__bUiLtIn_nEw [new1.cc:84]
__builtin_new [rtlib.o]
wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned
int,unsigned char) [wms_GS.cc:105]
wms_Call_i::release(long,const
org::parlay::services::callcontrol::TpCallReleaseCause&) [wms_Call.cc:696]
org::parlay::services::callcontrol::_impl_IpCall::_dispatch(GIOP_S&)
[ParlayCallControl_GCCS_IFSK.cc:2294]
ABW: Array bounds write
This is occurring while in thread 18:
omni_semaphore??? [libomnithread.a]
wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned
int,unsigned char) [wms_GS.cc:105]
wms_CallControlManager_i::disableCallNotification(long)
[wms_GCCS.cc:366]
org::parlay::services::callcontrol::_impl_IpCallControlManager::_dispatch(GIOP_S&)
[ParlayCallControl_GCCS_IFSK.cc:769]
org::parlay::services::callcontrol::_impl_IpMultiPartyCallControlManager::_dispatch(GIOP_S&)
[ParlayCallControl_MPCCS_IFSK.cc:180]
omniOrbPOA::dispatch(GIOP_S&,omniLocalIdentity*) [libomniORB3.a]
Writing 4 bytes to 0x5e14e0 in the heap.
Address 0x5e14e0 is 1 byte past end of a malloc'd block at 0x5e14b0
of 48 bytes.
This block was allocated from thread 18:
malloc [rtlib.o]
__bUiLtIn_nEw [new1.cc:84]
__builtin_new [rtlib.o]
wms_Parlay_Service_i::sendMapRequest(int,void*,unsigned
int,unsigned char) [wms_GS.cc:105]
wms_CallControlManager_i::disableCallNotification(long)
[wms_GCCS.cc:366]
org::parlay::services::callcontrol::_impl_IpCallControlManager::_dispatch(GIOP_S&)
[ParlayCallControl_GCCS_IFSK.cc:769]
>
>Something to be aware of is that many operating system calls and
>standard library functions flag errors in Purify, even when you use
>them completely correctly.
>
Thanks,
KV