[PATCH] bad structure access in ORBit 0.5.17



On some platforms (IA64, AMD64), structure padding for alignment
requires adjustments when accessing structure members.  Attached is a
patch to fix crashes due to reading structures incorrectly, especially
for CORBA_tk_struct.

http://bugzilla.gnome.org/show_bug.cgi?id=109799

Cheers,

Matt
msw@redhat.com
--
Matt Wilson
Manager, Base Operating Systems
Red Hat, Inc.
--- ORBit-0.5.17/src/orb/allocators.c.alignment	2003-04-01 18:51:46.000000000 -0500
+++ ORBit-0.5.17/src/orb/allocators.c	2003-04-02 05:28:36.000000000 -0500
@@ -185,9 +185,11 @@
 	case CORBA_tk_except:
 	case CORBA_tk_struct:
 		mem = ALIGN_ADDRESS (mem, ORBit_find_alignment (tc));
-		for (i = 0; i < tc->sub_parts; i++)
+		for (i = 0; i < tc->sub_parts; i++) {
+			mem = ALIGN_ADDRESS (mem, ORBit_find_alignment (tc->subtypes[i]));
 			mem = ORBit_free_via_TypeCode (
 				mem, &tc->subtypes[i], CORBA_TRUE);
+		}
 		retval = mem;
 		break;
 	case CORBA_tk_union: {
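Review bot: The added `ALIGN_ADDRESS` line at the top of the `CORBA_tk_struct` loop has no comment explaining why the struct-level alignment just above the loop is not sufficient. The same statement is repeated in the struct loops of corba_any.c (marshal, demarshal and copy hunks) and orbit.c (equivalence hunk). I would add `/* each member starts on its own alignment boundary; skip the padding before it */` at this site. A small static helper or macro taking the cursor and `tc->subtypes[i]` would also keep these walkers from drifting apart, since a walker that misses the step reads members at the wrong offsets. The enclosing switch starts and ends outside the hunk.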
--- ORBit-0.5.17/src/orb/corba_any.c.alignment	2002-06-06 07:07:39.000000000 -0400
+++ ORBit-0.5.17/src/orb/corba_any.c	2003-04-02 06:35:53.000000000 -0500
@@ -169,6 +169,7 @@
     case CORBA_tk_struct:
 	*val = ALIGN_ADDRESS(*val, ORBit_find_alignment(tc));
 	for(i = 0; i < tc->sub_parts; i++) {
+	    *val = ALIGN_ADDRESS(*val, ORBit_find_alignment(tc->subtypes[i]));
 	    ORBit_marshal_value(buf, val, tc->subtypes[i], mi);
 	}
 	break;
@@ -197,9 +198,10 @@
 	}
 	break;
     case CORBA_tk_wstring:
+	*val = ALIGN_ADDRESS(*val, ALIGNOF_CORBA_POINTER);
+
 	ulval = strlen(*(char **)*val) + 1;
 
-	*val = ALIGN_ADDRESS(*val, ALIGNOF_CORBA_POINTER);
 	giop_send_buffer_append_mem_indirect_a(buf,
 					       &ulval,
 					       sizeof(CORBA_unsigned_long));
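Review bot: `strlen(*(char **)*val)` in the `CORBA_tk_wstring` case measures the value as a byte string, so if wstring members hold wide characters the marshalled length stops at the first zero byte. Moving the alignment above it fixes where the pointer is read from, not how the length is taken. The same expression, here and in the `CORBA_tk_string` hunk that follows, dereferences the member with no NULL check, so a struct with an unset string member would fault inside `strlen`. A guard on `*(char **)*val == NULL` before the length computation would turn that into a defined error. How to report the error depends on code outside the hunk.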
@@ -208,10 +210,10 @@
 	*val = ((guchar *)*val) + sizeof(char *);
 	break;
     case CORBA_tk_string:
-	ulval = strlen(*(char **)*val) + 1;
-	
 	*val = ALIGN_ADDRESS(*val, ALIGNOF_CORBA_POINTER);
 
+	ulval = strlen(*(char **)*val) + 1;
+	
 	giop_send_buffer_append_mem_indirect_a(buf,
 					       &ulval,
 					       sizeof(CORBA_unsigned_long));
@@ -595,6 +597,7 @@
     case CORBA_tk_struct:
 	*val = ALIGN_ADDRESS(*val, ORBit_find_alignment(tc));
 	for(i = 0; i < tc->sub_parts; i++) {
+	    *val = ALIGN_ADDRESS(*val, ORBit_find_alignment(tc->subtypes[i]));
 	    ORBit_demarshal_value(buf, val, tc->subtypes[i], dup_strings, orb);
 	}
 	break;
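Review bot: The added alignment in the demarshal loop advances `*val` further through the destination than before, while the size of that destination is computed outside this hunk. If the size calculation for `CORBA_tk_struct` does not add the same per-member padding, a struct decoded from the wire could be written past the end of its allocation on the platforms this patch targets. The same question applies to `*newval` in the copy hunk that follows. Please confirm the sizing code aligns with `ORBit_find_alignment(tc->subtypes[i])` for every member, and add a comment here naming the routine that has to stay in step with this loop.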
@@ -820,6 +823,8 @@
 	*val = ALIGN_ADDRESS(*val, ORBit_find_alignment(tc));
 	*newval = ALIGN_ADDRESS(*newval, ORBit_find_alignment(tc));
 	for(i = 0; i < tc->sub_parts; i++) {
+	    *val = ALIGN_ADDRESS(*val, ORBit_find_alignment(tc->subtypes[i]));
+	    *newval = ALIGN_ADDRESS(*newval, ORBit_find_alignment(tc->subtypes[i]));
 	    _ORBit_copy_value(val, newval, tc->subtypes[i]);
 	}
 	break;
--- ORBit-0.5.17/src/orb/orbit.c.alignment	2003-04-01 19:02:40.000000000 -0500
+++ ORBit-0.5.17/src/orb/orbit.c	2003-04-02 06:33:28.000000000 -0500
@@ -230,9 +230,12 @@
 		*a = ALIGN_ADDRESS (*a, ORBit_find_alignment (tc));
 		*b = ALIGN_ADDRESS (*b, ORBit_find_alignment (tc));
 
-		for (i = 0; i < tc->sub_parts; i++)
+		for (i = 0; i < tc->sub_parts; i++) {
+			*a = ALIGN_ADDRESS (*a, ORBit_find_alignment (tc->subtypes[i]));
+			*b = ALIGN_ADDRESS (*b, ORBit_find_alignment (tc->subtypes[i]));
 			if (!ORBit_value_equivalent (a, b, tc->subtypes [i], ev))
 				return FALSE;
+		}
 
 		return TRUE;
 	}

