[omniORB] Bug in the cdrStream::unmarshalRawString
Serguei Kolos
Serguei.Kolos at cern.ch
Mon Mar 13 16:07:56 GMT 2006
Hello
As a follow up - the reported issue might be more complicated when one
looks at it carefully. On many platforms malloc(0) returns a valid
address, which means that one cannot recognize 0-length strings by
pointers to them. The only way to know something about that string is
to call the strlen function. The issue is that strlen tries to find the
first zero in the given string, which has two consequences:
1. it reads at least 1 byte of unallocated memory
2. it seems there is no guarantee that a 0-length memory pointer will
   always point to a byte with zero value, in which case the situation
   may be even worse and strlen may return an incorrect string length.
Maybe it is worth thinking about returning 0 as a pointer to a 0-length
string from the cdrStream::unmarshalRawString function?
Cheers,
Sergei
Serguei Kolos wrote:
> Hello
>
> I believe there is a bug in the cdrStream::unmarshalRawString function
> (src/lib/omniORB/orbcore/corbaString.cc file). If the length of the
> unmarshalled string is zero (variable len, which is equal to string
> length + 1, is 1), line 183 of that file reads an unallocated byte and
> throws an exception if this byte is not 0.
>
> 183: if (s[len-1] != '\0')
> 184: OMNIORB_THROW(MARSHAL,MARSHAL_StringNotEndWithNull,
> 185: (CORBA::CompletionStatus)completion());
>
> Cheers,
> Sergei
>
> PS: the bug has been found with valgrind
>
> _______________________________________________
> omniORB-list mailing list
> omniORB-list at omniorb-support.com
> http://www.omniorb-support.com/mailman/listinfo/omniorb-list
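
The checks discussed in this thread, written out as an added example (not omniORB's code and not part of the original posts). It decodes a length-prefixed string where the length counts the trailing NUL, rejects a length of 0 before indexing s[len-1], and so never hands strlen a 0-byte allocation. The function names, status codes and the simplified wire layout (4-byte host-order length followed by the bytes) are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical status codes for this sketch (not omniORB's). */
enum { UNMARSHAL_OK = 0, UNMARSHAL_BAD_LENGTH, UNMARSHAL_NOT_TERMINATED,
       UNMARSHAL_NO_MEMORY };

/* Decode one string from buf[0..avail). Assumed layout: 4-byte length in
 * host byte order that counts the trailing NUL, then that many bytes.
 * On success *out is a heap copy of at least 1 byte ending in NUL, so
 * strlen(*out) cannot run past the allocation. */
int unmarshal_raw_string(const unsigned char *buf, size_t avail, char **out)
{
    uint32_t len;
    *out = NULL;
    if (avail < sizeof len) return UNMARSHAL_BAD_LENGTH;
    memcpy(&len, buf, sizeof len);
    /* len == 0 has no room for the terminator: reject it before any
     * malloc(0) or s[len-1] access; also reject lengths past the input. */
    if (len == 0 || len > avail - sizeof len) return UNMARSHAL_BAD_LENGTH;
    char *s = malloc(len);
    if (s == NULL) return UNMARSHAL_NO_MEMORY;
    memcpy(s, buf + sizeof len, len);
    if (s[len - 1] != '\0') { free(s); return UNMARSHAL_NOT_TERMINATED; }
    *out = s;
    return UNMARSHAL_OK;
}

/* Build a constructed message and decode it. Returns the decoded string
 * length on success, or the negated status code on failure. */
long decode_sample(uint32_t len, const char *payload, size_t payload_len)
{
    unsigned char msg[64];
    char *s;
    if (payload_len > sizeof msg - sizeof len) return -UNMARSHAL_BAD_LENGTH;
    memcpy(msg, &len, sizeof len);
    memcpy(msg + sizeof len, payload, payload_len);
    int rc = unmarshal_raw_string(msg, sizeof len + payload_len, &s);
    if (rc != UNMARSHAL_OK) return -rc;
    long n = (long)strlen(s);
    free(s);
    return n;
}

int main(void)
{
    printf("empty string (len=1): %ld\n", decode_sample(1, "", 1));
    printf("len=0 on the wire:    %ld\n", decode_sample(0, "", 0));
    printf("missing terminator:   %ld\n", decode_sample(1, "x", 1));
    return 0;
}
```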