Bug fix: codec.cc - double free
Thomas Schmidt
2012-01-09 21:42:23 UTC
Hi,

here's a fix of another double free bug. DataDecoder::get_string_raw() shouldn't free the allocated string. It will usually be freed by the caller's String_var - and this would be the second time this memory area would be freed. CRASH!! DataDecoder::get_string_raw_stl() only uses a C char pointer and so should now free it even on a failed DataDecoder::get_string_raw() evaluation.

Index: codec.cc
===================================================================
RCS file: /usr/src/cvs/Communication/CORBA/mico/orb/codec.cc,v
retrieving revision 1.4
diff -C 4 -r1.4 codec.cc
*** codec.cc 5 Dec 2011 18:53:27 -0000 1.4
--- codec.cc 9 Jan 2012 21:32:23 -0000
***************
*** 451,460 ****
CORBA::Boolean
CORBA::DataDecoder::get_string_raw_stl (string &str)
{
char *s;
! if (!get_string_raw (s))
return FALSE;
str = s;
CORBA::string_free (s);
return TRUE;
}
--- 451,462 ----
CORBA::Boolean
CORBA::DataDecoder::get_string_raw_stl (string &str)
{
char *s;
! if (!get_string_raw (s)) {
! CORBA::string_free (s);
return FALSE;
+ }
str = s;
CORBA::string_free (s);
return TRUE;
}
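Review bot: the `char *s;` declaration is never initialised, so the new `CORBA::string_free (s);` in the failure branch runs on an indeterminate pointer whenever `get_string_raw` returns FALSE before it has assigned `s`, and the second hunk shows such a path (the `return FALSE;` that precedes `s = CORBA::string_alloc (len-1);`). Initialise the pointer (`char *s = 0;`), guard the free with `if (s)`, and have the callee leave `s` null on every early exit, so the caller only ever frees memory that was actually allocated.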
***************
*** 1991,2003 ****
return FALSE;

s = CORBA::string_alloc (len-1);
if (!buf->get (s.ptr(), len)) {
- CORBA::string_free (s);
return FALSE;
}
if (s[len-1] != 0) {
- CORBA::string_free (s);
return FALSE;
}
return TRUE;
}
--- 1993,2003 ----
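Review bot: removing the two `CORBA::string_free (s);` calls changes the ownership contract of `get_string_raw` (the caller now owns the buffer even when the function returns FALSE), but the earlier `return FALSE;` at the top of the hunk exits before `s = CORBA::string_alloc (len-1);` and leaves `s` untouched, so a caller that frees on failure, as the first hunk now does, sees a valid buffer on two FALSE returns and an unset pointer on the third. Set `s` to null on that early exit and state the contract in a comment next to the function; it is also worth confirming that every other caller holds the result in a String_var as the description says, since any caller using a raw char* now leaks on failure.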

Ciao
Thomas

--
Thomas Schmidt
Velgen 1
D-29582 Hanstedt
Tel: +49-4134-236339
Mobile: +49-151-23095598
Skype: ThCSchmidt
Email: ***@gmx.net
PGP: Key-ID: 0x810B6206
