You are viewing a plain text version of this content. The canonical link for it is here.
Posted to c-dev@axis.apache.org by "Chris Darroch (JIRA)" <ji...@apache.org> on 2006/11/07 01:37:37 UTC
[jira] Created: (AXIS2C-394) element free segfaults if namespace
reused
element free segfaults if namespace reused
------------------------------------------
Key: AXIS2C-394
URL: http://issues.apache.org/jira/browse/AXIS2C-394
Project: Axis2-C
Issue Type: Bug
Components: xml/om
Affects Versions: 0.95
Reporter: Chris Darroch
If you create a namespace with axiom_namespace_create() and then create two
sibling elements using axiom_element_create(), passing them both the namespace pointer,
then both elements add the namespace pointer to their internal namespace hash,
because neither finds declated it in any of the ancerstor elements.
Then when you call axiom_node_free_tree(), you get a segfault when axiom_element_free() runs
for the second element, because it calls axiom_namespace_free() on a namespace that
the first element already freed. Both elements treat the namespace as if it was private to
themselves and add it to their internal namespace hashes, and then both try to free it.
I think some kind of reference counting will be required here. I'll try to make up a patch tonight
and post it here.
If I may just say so, though ... this is why trying to do alloc/free on everything is hard! It would
be so much easier if you were using APR memory pools! Then you could make lots of
pointers (like these internal namespace hash pointers) and not worry about reference
counting, and when you were *totally* done with everything, just clear or destroy the pool.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-c-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-c-dev-help@ws.apache.org
[jira] Resolved: (AXIS2C-394) element free segfaults if namespace
reused
Posted by "Dinesh Premalal (JIRA)" <ji...@apache.org>.
[ http://issues.apache.org/jira/browse/AXIS2C-394?page=all ]
Dinesh Premalal resolved AXIS2C-394.
------------------------------------
Fix Version/s: Current (Nightly)
Resolution: Fixed
> element free segfaults if namespace reused
> ------------------------------------------
>
> Key: AXIS2C-394
> URL: http://issues.apache.org/jira/browse/AXIS2C-394
> Project: Axis2-C
> Issue Type: Bug
> Components: xml/om
> Affects Versions: 0.95
> Reporter: Chris Darroch
> Assigned To: Dinesh Premalal
> Fix For: Current (Nightly)
>
> Attachments: axis2c-394.patch
>
>
> If you create a namespace with axiom_namespace_create() and then create two
> sibling elements using axiom_element_create(), passing them both the namespace pointer,
> then both elements add the namespace pointer to their internal namespace hash,
> because neither finds declated it in any of the ancerstor elements.
> Then when you call axiom_node_free_tree(), you get a segfault when axiom_element_free() runs
> for the second element, because it calls axiom_namespace_free() on a namespace that
> the first element already freed. Both elements treat the namespace as if it was private to
> themselves and add it to their internal namespace hashes, and then both try to free it.
> I think some kind of reference counting will be required here. I'll try to make up a patch tonight
> and post it here.
> If I may just say so, though ... this is why trying to do alloc/free on everything is hard! It would
> be so much easier if you were using APR memory pools! Then you could make lots of
> pointers (like these internal namespace hash pointers) and not worry about reference
> counting, and when you were *totally* done with everything, just clear or destroy the pool.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-c-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-c-dev-help@ws.apache.org
[jira] Commented: (AXIS2C-394) element free segfaults if namespace
reused
Posted by "Dinesh Premalal (JIRA)" <ji...@apache.org>.
[ http://issues.apache.org/jira/browse/AXIS2C-394?page=comments#action_12447892 ]
Dinesh Premalal commented on AXIS2C-394:
----------------------------------------
Hi Chris,
patch applied ! It fixed segmentation fault as you reported. I tested with attributes also, but no segfaults occur :). Ill attach my testing code here with.
many thanks for the patch .
> element free segfaults if namespace reused
> ------------------------------------------
>
> Key: AXIS2C-394
> URL: http://issues.apache.org/jira/browse/AXIS2C-394
> Project: Axis2-C
> Issue Type: Bug
> Components: xml/om
> Affects Versions: 0.95
> Reporter: Chris Darroch
> Assigned To: Dinesh Premalal
> Attachments: axis2c-394.patch
>
>
> If you create a namespace with axiom_namespace_create() and then create two
> sibling elements using axiom_element_create(), passing them both the namespace pointer,
> then both elements add the namespace pointer to their internal namespace hash,
> because neither finds declated it in any of the ancerstor elements.
> Then when you call axiom_node_free_tree(), you get a segfault when axiom_element_free() runs
> for the second element, because it calls axiom_namespace_free() on a namespace that
> the first element already freed. Both elements treat the namespace as if it was private to
> themselves and add it to their internal namespace hashes, and then both try to free it.
> I think some kind of reference counting will be required here. I'll try to make up a patch tonight
> and post it here.
> If I may just say so, though ... this is why trying to do alloc/free on everything is hard! It would
> be so much easier if you were using APR memory pools! Then you could make lots of
> pointers (like these internal namespace hash pointers) and not worry about reference
> counting, and when you were *totally* done with everything, just clear or destroy the pool.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-c-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-c-dev-help@ws.apache.org
[jira] Updated: (AXIS2C-394) element free segfaults if namespace
reused
Posted by "Chris Darroch (JIRA)" <ji...@apache.org>.
[ http://issues.apache.org/jira/browse/AXIS2C-394?page=all ]
Chris Darroch updated AXIS2C-394:
---------------------------------
Attachment: axis2c-394.patch
This is an inelegant patch because it requires
co-ordination between the element and namespace
"classes", but it does prevent the core dump.
Looking at the code of axiom_element_free(), I suspect
similar segfaults can be triggered if someone creates
an attribute and then uses it for several different elements,
because again I see some internal axis2_hash bookkeeping
in the element operation functions. I haven't tested this,
so there may not be a problem, but I'd suggest taking a
look at it. Thanks!
> element free segfaults if namespace reused
> ------------------------------------------
>
> Key: AXIS2C-394
> URL: http://issues.apache.org/jira/browse/AXIS2C-394
> Project: Axis2-C
> Issue Type: Bug
> Components: xml/om
> Affects Versions: 0.95
> Reporter: Chris Darroch
> Attachments: axis2c-394.patch
>
>
> If you create a namespace with axiom_namespace_create() and then create two
> sibling elements using axiom_element_create(), passing them both the namespace pointer,
> then both elements add the namespace pointer to their internal namespace hash,
> because neither finds declated it in any of the ancerstor elements.
> Then when you call axiom_node_free_tree(), you get a segfault when axiom_element_free() runs
> for the second element, because it calls axiom_namespace_free() on a namespace that
> the first element already freed. Both elements treat the namespace as if it was private to
> themselves and add it to their internal namespace hashes, and then both try to free it.
> I think some kind of reference counting will be required here. I'll try to make up a patch tonight
> and post it here.
> If I may just say so, though ... this is why trying to do alloc/free on everything is hard! It would
> be so much easier if you were using APR memory pools! Then you could make lots of
> pointers (like these internal namespace hash pointers) and not worry about reference
> counting, and when you were *totally* done with everything, just clear or destroy the pool.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-c-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-c-dev-help@ws.apache.org
[jira] Commented: (AXIS2C-394) element free segfaults if namespace
reused
Posted by "Dinesh Premalal (JIRA)" <ji...@apache.org>.
[ http://issues.apache.org/jira/browse/AXIS2C-394?page=comments#action_12447895 ]
Dinesh Premalal commented on AXIS2C-394:
----------------------------------------
sorry ... It gives segfault with attribute also. Will open a jira.
> element free segfaults if namespace reused
> ------------------------------------------
>
> Key: AXIS2C-394
> URL: http://issues.apache.org/jira/browse/AXIS2C-394
> Project: Axis2-C
> Issue Type: Bug
> Components: xml/om
> Affects Versions: 0.95
> Reporter: Chris Darroch
> Assigned To: Dinesh Premalal
> Attachments: axis2c-394.patch
>
>
> If you create a namespace with axiom_namespace_create() and then create two
> sibling elements using axiom_element_create(), passing them both the namespace pointer,
> then both elements add the namespace pointer to their internal namespace hash,
> because neither finds declated it in any of the ancerstor elements.
> Then when you call axiom_node_free_tree(), you get a segfault when axiom_element_free() runs
> for the second element, because it calls axiom_namespace_free() on a namespace that
> the first element already freed. Both elements treat the namespace as if it was private to
> themselves and add it to their internal namespace hashes, and then both try to free it.
> I think some kind of reference counting will be required here. I'll try to make up a patch tonight
> and post it here.
> If I may just say so, though ... this is why trying to do alloc/free on everything is hard! It would
> be so much easier if you were using APR memory pools! Then you could make lots of
> pointers (like these internal namespace hash pointers) and not worry about reference
> counting, and when you were *totally* done with everything, just clear or destroy the pool.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-c-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-c-dev-help@ws.apache.org
[jira] Assigned: (AXIS2C-394) element free segfaults if namespace
reused
Posted by "Dinesh Premalal (JIRA)" <ji...@apache.org>.
[ http://issues.apache.org/jira/browse/AXIS2C-394?page=all ]
Dinesh Premalal reassigned AXIS2C-394:
--------------------------------------
Assignee: Dinesh Premalal
> element free segfaults if namespace reused
> ------------------------------------------
>
> Key: AXIS2C-394
> URL: http://issues.apache.org/jira/browse/AXIS2C-394
> Project: Axis2-C
> Issue Type: Bug
> Components: xml/om
> Affects Versions: 0.95
> Reporter: Chris Darroch
> Assigned To: Dinesh Premalal
> Attachments: axis2c-394.patch
>
>
> If you create a namespace with axiom_namespace_create() and then create two
> sibling elements using axiom_element_create(), passing them both the namespace pointer,
> then both elements add the namespace pointer to their internal namespace hash,
> because neither finds declated it in any of the ancerstor elements.
> Then when you call axiom_node_free_tree(), you get a segfault when axiom_element_free() runs
> for the second element, because it calls axiom_namespace_free() on a namespace that
> the first element already freed. Both elements treat the namespace as if it was private to
> themselves and add it to their internal namespace hashes, and then both try to free it.
> I think some kind of reference counting will be required here. I'll try to make up a patch tonight
> and post it here.
> If I may just say so, though ... this is why trying to do alloc/free on everything is hard! It would
> be so much easier if you were using APR memory pools! Then you could make lots of
> pointers (like these internal namespace hash pointers) and not worry about reference
> counting, and when you were *totally* done with everything, just clear or destroy the pool.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-c-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-c-dev-help@ws.apache.org