Bug in giop_recv_buffer_unuse()? BiDir GIOP related?



Hi,

I am experimenting with my Brutus sample application. It operates just
fine with identical ORBit2 versions on different machines, but when I
try to connect to the server from the outside of the company firewall it
crashes. The error is always in giop_recv_buffer_unuse().

The setup:

0) ORBit2 is cvs HEAD as of today (2.13.2).

1) Netmask is 255.255.255.0 on all boxes.

2) One server application (Brutus Server) on 10.0.3.4.

3) One client on 10.0.1.4.

4) One remote test client from outside the company firewall (OpenBSD
with pf).

The 10.0.1.4 test client can execute with no problems. The remote test
client always fails in giop_recv_buffer_unuse().

I have opened the port on which the communication is happening (tcp/951)
and enabled BiDir GIOP in the server app. The server answer to the test
client should therefore happen on port 951 as well.

I can see in my firewall logs that a request is indeed coming on the
right port, but the client unconditionally fails in
giop_recv_buffer_unuse() with memory corruption before receiving any
answer.

I really can't see how the firewall could cause this problem, but I
would be very grateful if anyone can point me in the right direction.

Thanks a lot in advance,
  jules


APPENDIX:

I have two outputs showing the problem:

Running the sample app under valgrind gives the following initial
output:

############## Valgrind output ##############
Starting Brutus operations..
    Logging on using the MAPI profile.. ==4558==
==4558== Invalid read of size 1
==4558==    at 0x1B928E5C: giop_recv_buffer_unuse (giop-recv-buffer.c:471)
==4558==    by 0x1B92C92F: ORBit_small_invoke_stub (orbit-small.c:686)
==4558==    by 0x1B92CA43: ORBit_small_invoke_stub_n (orbit-small.c:575)
==4558==    by 0x1B93D0F0: ORBit_c_stub_invoke (poa.c:2644)
==4558==    by 0x80675EE: BRUTUS_BrutusLogOn_Logon (BrutusLogOn-stubs.c:29)
==4558==    by 0x805BC2E: main (main.c:782)
==4558==  Address 0x1B9C292C is 100 bytes inside a block of size 104 free'd
==4558==    at 0x1B909743: free (vg_replace_malloc.c:152)
==4558==    by 0x40CC23: g_free (in /usr/lib/libglib-2.0.so.0.600.6)
==4558==    by 0x1B928E8A: giop_recv_buffer_unuse (giop-recv-buffer.c:511)
==4558==    by 0x1B92EE21: ORBit_handle_location_forward (corba-object.c:420)
==4558==    by 0x1B92C2F1: orbit_small_demarshal (orbit-small.c:532)
==4558==    by 0x1B92C8C0: ORBit_small_invoke_stub (orbit-small.c:660)
==4558==    by 0x1B92CA43: ORBit_small_invoke_stub_n (orbit-small.c:575)
==4558==    by 0x1B93D0F0: ORBit_c_stub_invoke (poa.c:2644)
==4558==    by 0x80675EE: BRUTUS_BrutusLogOn_Logon (BrutusLogOn-stubs.c:29)
==4558==    by 0x805BC2E: main (main.c:782)


The output on the command is:

############## Command line output ##############
Starting Brutus operations..
    Logging on using the MAPI profile.. *** glibc detected *** ./brutus_client: double free or corruption (!prev): 0x09098e78 ***
======= Backtrace: =========
/lib/libc.so.6[0x9ea124]
/lib/libc.so.6(__libc_free+0x77)[0x9ea65f]
/usr/lib/libglib-2.0.so.0(g_free+0x22)[0x40cc24]
/home/colding/opt/lib/libORBit-2.so.0(giop_recv_buffer_unuse+0x47)[0x1b9e8b]
/home/colding/opt/lib/libORBit-2.so.0(ORBit_small_invoke_stub+0x188)[0x1bd930]
/home/colding/opt/lib/libORBit-2.so.0(ORBit_small_invoke_stub_n+0x58)[0x1bda44]
/home/colding/opt/lib/libORBit-2.so.0(ORBit_c_stub_invoke+0x13d)[0x1ce0f1]
./brutus_client(BRUTUS_BrutusLogOn_Logon+0x6f)[0x80675ef]
./brutus_client(main+0x105c)[0x805bc2f]
/lib/libc.so.6(__libc_start_main+0xdf)[0x99bd5f]
./brutus_client[0x8057d91]
======= Memory map: ========
0019e000-001e1000 r-xp 00000000 03:02 724386     /home/colding/opt/lib/libORBit-2.so.0.1.0
001e1000-001ed000 rwxp 00042000 03:02 724386     /home/colding/opt/lib/libORBit-2.so.0.1.0
0023a000-0023b000 r-xp 0023a000 00:00 0          [vdso]
003e3000-00467000 r-xp 00000000 03:02 10027687   /usr/lib/libglib-2.0.so.0.600.6
00467000-0046c000 rwxp 00084000 03:02 10027687   /usr/lib/libglib-2.0.so.0.600.6
004e3000-004ea000 r-xp 00000000 03:02 10024394   /usr/lib/libpopt.so.0.0.0
004ea000-004eb000 rwxp 00006000 03:02 10024394   /usr/lib/libpopt.so.0.0.0
006e0000-006e9000 r-xp 00000000 03:02 6612724    /lib/libnss_files-2.3.5.so
006e9000-006ea000 r-xp 00008000 03:02 6612724    /lib/libnss_files-2.3.5.so
006ea000-006eb000 rwxp 00009000 03:02 6612724    /lib/libnss_files-2.3.5.so
00969000-00983000 r-xp 00000000 03:02 6612674    /lib/ld-2.3.5.so
00983000-00984000 r-xp 00019000 03:02 6612674    /lib/ld-2.3.5.so
00984000-00985000 rwxp 0001a000 03:02 6612674    /lib/ld-2.3.5.so
00987000-00aaa000 r-xp 00000000 03:02 6612722    /lib/libc-2.3.5.so
00aaa000-00aac000 r-xp 00123000 03:02 6612722    /lib/libc-2.3.5.so
00aac000-00aae000 rwxp 00125000 03:02 6612722    /lib/libc-2.3.5.so
00aae000-00ab0000 rwxp 00aae000 00:00 0
00ad9000-00adb000 r-xp 00000000 03:02 6612767    /lib/libdl-2.3.5.so
00adb000-00adc000 r-xp 00001000 03:02 6612767    /lib/libdl-2.3.5.so
00adc000-00add000 rwxp 00002000 03:02 6612767    /lib/libdl-2.3.5.so
00bb1000-00be9000 r-xp 00000000 03:02 10027901   /usr/lib/libgobject-2.0.so.0.600.6
00be9000-00bed000 rwxp 00037000 03:02 10027901   /usr/lib/libgobject-2.0.so.0.600.6
00bef000-00bf8000 r-xp 00000000 03:02 6612796    /lib/libgcc_s-4.0.2-20051126.so.1
00bf8000-00bf9000 rwxp 00009000 03:02 6612796    /lib/libgcc_s-4.0.2-20051126.so.1
00c32000-00c35000 r-xp 00000000 03:02 10027714   /usr/lib/libgmodule-2.0.so.0.600.6
00c35000-00c36000 rwxp 00002000 03:02 10027714   /usr/lib/libgmodule-2.0.so.0.600.6
00c5f000-00c63000 r-xp 00000000 03:02 10028328   /usr/lib/libgthread-2.0.so.0.600.6
00c63000-00c64000 rwxp 00003000 03:02 10028328   /usr/lib/libgthread-2.0.so.0.600.6
00d61000-00d6f000 r-xp 00000000 03:02 6612785    /lib/libpthread-2.3.5.so
00d6f000-00d70000 r-xp 0000d000 03:02 6612785    /lib/libpthread-2.3.5.so
00d70000-00d71000 rwxp 0000e000 03:02 6612785    /lib/libpthread-2.3.5.so
00d71000-00d73000 rwxp 00d71000 00:00 0
08048000-0808c000 r-xp 00000000 03:02 9100610    /home/colding/work/src/brutus/idl/samples/C/client/brutus_client
0808c000-08097000 rw-p 00043000 03:02 9100610    /home/colding/work/src/brutus/idl/samples/C/client/brutus_client
09084000-090a5000 rw-p 09084000 00:00 0          [heap]
b7300000-b7321000 rw-p b7300000 00:00 0
b7321000-b7400000 ---p b7321000 00:00 0
b74c2000-b74c3000 ---p b74c2000 00:00 0
b74c3000-b7503000 rw-p b74c3000 00:00 0
b7503000-b7504000 ---p b7503000 00:00 0
b7504000-b7f07000 rw-p b7504000 00:00 0
b7f0c000-b7f0d000 rw-p b7f0c000 00:00 0
b7f0d000-b7f13000 r--s 00000000 03:02 10082991   /usr/lib/gconv/gconv-modules.cache
b7f13000-b7f14000 rw-p b7f13000 00:00 0
bf7ff000-bf814000 rw-p bf7ff000 00:00 0          [stack]
Aborted
[colding home client]$




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]