Posted to c-dev@axis.apache.org by "Ivan Pechorin (JIRA)" <ji...@apache.org> on 2010/10/30 22:45:19 UTC
[jira] Created: (AXIS2C-1499) double-freeing in
axis2_http_worker_process_request()
double-freeing in axis2_http_worker_process_request()
-----------------------------------------------------
Key: AXIS2C-1499
URL: https://issues.apache.org/jira/browse/AXIS2C-1499
Project: Axis2-C
Issue Type: Bug
Components: core/transport
Affects Versions: 1.7.0
Environment: Windows 7, Visual Studio 2010, 32-bit build
Reporter: Ivan Pechorin
It seems like the change from svn revision #961258 (a fix for https://issues.apache.org/jira/browse/AXIS2C-1472) results in double-freeing of freed memory. I hit it every time when processing a request with a wrong URI (such as a request to a non-existent or misspelled service).

The first time is when we free fault_ctx->soap_envelope (thanks to this patch); here is the call stack:

  > axiom.dll!axiom_soap_envelope_free(axiom_soap_envelope * soap_envelope=0x03a51020, const axutil_env * env=0x03a48478) Line 155 C
    axis2_engine.dll!axis2_msg_ctx_free(axis2_msg_ctx * msg_ctx=0x03a52de0, const axutil_env * env=0x03a48478)
        msg_ctx.c:426
    axis2_engine.dll!axis2_http_worker_process_request(axis2_http_worker * http_worker=0x03a47700, const axutil_env * env=0x03a48478, axis2_simple_http_svr_conn * svr_conn=0x03a484d0, axis2_http_simple_request * simple_request=0x03a48580)
        http_worker.c:1076
    axis2_http_receiver.dll!axis2_svr_thread_worker_func(axutil_thread_t * thd=0x03a48130, void * data=0x03a480e0) Line 270 + 0x15 bytes C
    axutil.dll!dummy_worker(void * opaque=0x03a48130) Line 88 C

The second time we free the same soap envelope as msg_ctx->fault_soap_envelope when called from http_worker.c, line 1830:

    else
    {
        /* cases like HEAD, WSDL */
        axis2_msg_ctx_free(msg_ctx, env);
    }

Here is the corresponding call stack:

  > axiom.dll!axiom_soap_envelope_free(axiom_soap_envelope * soap_envelope=0x03a51020, const axutil_env * env=0x03a48478) Line 155 C
    axis2_engine.dll!axis2_msg_ctx_free(axis2_msg_ctx * msg_ctx=0x03a49e78, const axutil_env * env=0x03a48478) Line 434 C
        msg_ctx.c:431
    axis2_engine.dll!axis2_http_worker_process_request(axis2_http_worker * http_worker=0x03a47700, const axutil_env * env=0x03a48478, axis2_simple_http_svr_conn * svr_conn=0x03a484d0, axis2_http_simple_request * simple_request=0x03a48580) Line 1833 C
        http_worker.cpp:1830
    axis2_http_receiver.dll!axis2_svr_thread_worker_func(axutil_thread_t * thd=0x03a48130, void * data=0x03a480e0) Line 270 + 0x15 bytes C
    axutil.dll!dummy_worker(void * opaque=0x03a48130) Line 88 C

I had to revert this particular change from revision #961258 in my working copy. And there are no problems with double freeing anymore after reverting.

Details of my platform:
- compiler: Visual C++ 2010, 32-bit release build
- OS: Windows 7 64-bit

P.S. If there is such a need, I'll try to reproduce the problem on other platforms, such as Linux, Solaris or HP-UX.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscribe@axis.apache.org
For additional commands, e-mail: c-dev-help@axis.apache.org
[jira] Commented: (AXIS2C-1499) double-freeing in
axis2_http_worker_process_request()
Posted by "Scott Wilson (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/AXIS2C-1499?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12928870#action_12928870 ]
Scott Wilson commented on AXIS2C-1499:
--------------------------------------
I have run into the same problem. In an effort to work around the problem I first tried increasing the reference count on the soap envelope as it is copied from the processing_context's fault_soap_envelope to the fault_ctx's soap_envelope in axis2_engine_create_fault_msg_ctx() (src/core/engine/engine.c). While this prevented the double freeing of the envelope, there were then problems with the transport stream and info.

Thinking then that this is a transfer rather than a copy, I made these changes to axis2_engine_create_fault_msg_ctx and so far they are working for me, although I have no idea if this is the right thing to do:

- after the transport stream is gotten from the processing context and set in the fault context, I added:
    axis2_msg_ctx_reset_transport_out_stream(processing_context, env);
- at the end of the function before the return statement I added:
    axis2_msg_ctx_set_fault_soap_envelope(processing_context, env, NULL);
    axis2_msg_ctx_reset_out_transport_info(processing_context, env);

FYI, I've tested these changes on Ubuntu 10.04 using modifications I made to the allocation code to use mmap and munmap that catch use of freed memory and double frees.
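The copy-versus-transfer distinction from the comment above, reduced to a stand-alone C model (an added example, not code from Axis2/C or from either poster). The types, the one-slot pool and run_fault_path() are hypothetical stand-ins; only the envelope pointer is modelled, not the transport stream or out transport info.

```c
#include <stddef.h>

/* Simplified stand-ins for the Axis2/C structures (hypothetical, not the real types). */
typedef struct { int in_use; } envelope_t;
typedef struct { envelope_t *soap_envelope, *fault_soap_envelope; } msg_ctx_t;

static envelope_t slot;     /* one-slot pool: a freed slot stays inspectable */
static int double_frees;    /* frees attempted on an already-freed envelope */

static envelope_t *envelope_create(void) { slot.in_use = 1; return &slot; }

/* Checked free: counts a second free instead of corrupting the heap. */
static void envelope_free(envelope_t *e)
{
    if (!e) return;
    if (!e->in_use) { double_frees++; return; }
    e->in_use = 0;
}

/* Like the free path in the stack traces: releases both envelope fields. */
static void msg_ctx_free(msg_ctx_t *ctx)
{
    envelope_free(ctx->soap_envelope);
    envelope_free(ctx->fault_soap_envelope);
    ctx->soap_envelope = ctx->fault_soap_envelope = NULL;
}

/* Builds the fault context; 'transfer' selects copy (0) or hand-over (1). */
static void create_fault_ctx(msg_ctx_t *fault, msg_ctx_t *processing, int transfer)
{
    fault->soap_envelope = processing->fault_soap_envelope;
    if (transfer)
        processing->fault_soap_envelope = NULL;  /* source gives up ownership */
}

/* Runs the bad-URI path once and returns how many double frees were caught. */
int run_fault_path(int transfer)
{
    msg_ctx_t processing = {0}, fault = {0};
    double_frees = 0;
    processing.fault_soap_envelope = envelope_create();
    create_fault_ctx(&fault, &processing, transfer);
    msg_ctx_free(&fault);        /* first free, via fault_ctx->soap_envelope */
    msg_ctx_free(&processing);   /* second free, via msg_ctx->fault_soap_envelope */
    return double_frees;
}

int main(void) { return !(run_fault_path(0) == 1 && run_fault_path(1) == 0); }
```

With the plain copy, both contexts hold the same pointer and the second msg_ctx_free() is caught as a double free; clearing the source pointer at hand-over leaves exactly one owner.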
[jira] Updated: (AXIS2C-1499) double-freeing in
axis2_http_worker_process_request()
Posted by "Ivan Pechorin (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/AXIS2C-1499?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ivan Pechorin updated AXIS2C-1499:
----------------------------------
Description:
It seems like the change from svn revision #961258 (a fix for https://issues.apache.org/jira/browse/AXIS2C-1472 ) results in double-freeing of freed memory. I hit it every time when processing a request with a wrong URI (such as a request to a non-existent or misspelled service).

The first time is when we free fault_ctx->soap_envelope (thanks to this patch); here is the call stack:

  > axiom.dll!axiom_soap_envelope_free(axiom_soap_envelope * soap_envelope=0x03a51020, const axutil_env * env=0x03a48478) Line 155 C
    axis2_engine.dll!axis2_msg_ctx_free(axis2_msg_ctx * msg_ctx=0x03a52de0, const axutil_env * env=0x03a48478)
        msg_ctx.c:426
    axis2_engine.dll!axis2_http_worker_process_request(axis2_http_worker * http_worker=0x03a47700, const axutil_env * env=0x03a48478, axis2_simple_http_svr_conn * svr_conn=0x03a484d0, axis2_http_simple_request * simple_request=0x03a48580)
        http_worker.c:1076
    axis2_http_receiver.dll!axis2_svr_thread_worker_func(axutil_thread_t * thd=0x03a48130, void * data=0x03a480e0) Line 270 + 0x15 bytes C
    axutil.dll!dummy_worker(void * opaque=0x03a48130) Line 88 C

The second time we free the same soap envelope as msg_ctx->fault_soap_envelope when called from http_worker.c, line 1830:

    else
    {
        /* cases like HEAD, WSDL */
        axis2_msg_ctx_free(msg_ctx, env);
    }

Here is the corresponding call stack:

  > axiom.dll!axiom_soap_envelope_free(axiom_soap_envelope * soap_envelope=0x03a51020, const axutil_env * env=0x03a48478) Line 155 C
    axis2_engine.dll!axis2_msg_ctx_free(axis2_msg_ctx * msg_ctx=0x03a49e78, const axutil_env * env=0x03a48478) Line 434 C
        msg_ctx.c:431
    axis2_engine.dll!axis2_http_worker_process_request(axis2_http_worker * http_worker=0x03a47700, const axutil_env * env=0x03a48478, axis2_simple_http_svr_conn * svr_conn=0x03a484d0, axis2_http_simple_request * simple_request=0x03a48580) Line 1833 C
        http_worker.cpp:1830
    axis2_http_receiver.dll!axis2_svr_thread_worker_func(axutil_thread_t * thd=0x03a48130, void * data=0x03a480e0) Line 270 + 0x15 bytes C
    axutil.dll!dummy_worker(void * opaque=0x03a48130) Line 88 C

I had to revert this particular change from revision #961258 in my working copy. And there are no problems with double freeing anymore after reverting.

Details of my platform:
- compiler: Visual C++ 2010, 32-bit release build
- OS: Windows 7 64-bit

P.S. If there is such a need, I'll try to reproduce the problem on other platforms, such as Linux, Solaris or HP-UX.