Bug 326283 - Invalid read in orbit-adaptor.c
Status: RESOLVED FIXED
Product: ORBit2
Classification: Deprecated
Component: POA
unspecified
Other Linux
: Normal normal
: ---
Assigned To: ORBit maintainers
ORBit maintainers
Duplicates: 327971 328512
Reported: 2006-01-09 09:32 UTC by Kjartan Maraas
Modified: 2006-01-26 10:33 UTC
Description Kjartan Maraas 2006-01-09 09:32:08 UTC
Valgrind reported this when running a gnome session with it:

==25705== 1 errors in context 1 of 6:
==25705== Invalid read of size 4
==25705==    at 0x4B00474: ORBit_adaptor_find (orbit-adaptor.c:164)
==25705==    by 0x4B00796: ORBit_handle_request (orbit-adaptor.c:255)
==25705==    by 0x4AE48AE: giop_connection_handle_input (giop-recv-buffer.c:1282)
==25705==    by 0x4B07D88: link_connection_io_handler (linc-connection.c:1367)
==25705==    by 0x4B0A0DA: link_source_dispatch (linc-source.c:159)
==25705==    by 0x4BCA0DA: g_main_dispatch (gmain.c:1916)
==25705==    by 0x4BCB5BA: g_main_context_dispatch (gmain.c:2466)
==25705==    by 0x4BCBB34: g_main_context_iterate (gmain.c:2547)
==25705==    by 0x4BCC306: g_main_loop_run (gmain.c:2751)
==25705==    by 0x4B05DF8: link_io_thread_fn (linc.c:394)
==25705==    by 0x4BE9B56: g_thread_create_proxy (gthread.c:582)
==25705==    by 0x4B94261: start_thread (pthread_create.c:261)
==25705==    by 0x4CF918D: clone (in /lib/libc-2.3.90.so)
==25705==  Address 0x18 is not stack'd, malloc'd or (recently) free'd

This is from Thread 2 in the drivemount applet from what I can tell.
Comment 1 Michael Meeks 2006-01-09 10:45:27 UTC
This should fix it:

--- src/orb/poa/orbit-adaptor.c 2 Jul 2005 11:55:25 -0000       1.27
+++ src/orb/poa/orbit-adaptor.c 9 Jan 2006 10:44:56 -0000
@@ -159,14 +159,13 @@ ORBit_adaptor_find (CORBA_ORB orb, ORBit
 
        LINK_MUTEX_LOCK (ORBit_RootObject_lifecycle_lock);
        {
-               adaptor = g_ptr_array_index (orb->adaptors, adaptorId);
-
-               if (memcmp (objkey->_buffer,
-                           adaptor->adaptor_key._buffer,
-                           ORBIT_ADAPTOR_PREFIX_LEN))
-                       adaptor = NULL;
-               else
-                       ORBit_RootObject_duplicate_T (adaptor);
+               if ((adaptor = g_ptr_array_index (orb->adaptors, adaptorId)))
+                       if (memcmp (objkey->_buffer,
+                                   adaptor->adaptor_key._buffer,
+                                   ORBIT_ADAPTOR_PREFIX_LEN))
+                               adaptor = NULL;
+                       else
+                               ORBit_RootObject_duplicate_T (adaptor);
        }
        LINK_MUTEX_UNLOCK (ORBit_RootObject_lifecycle_lock);
 
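Review bot: the added outer `if ((adaptor = g_ptr_array_index (orb->adaptors, adaptorId)))` takes an unbraced if/else as its body, so the `else` pairs with the inner `if (memcmp (...))` only through the dangling-else rule. That pairing is what the change needs (a NULL slot leaves adaptor NULL and skips ORBit_RootObject_duplicate_T), but the outer body should be wrapped in braces so the binding is explicit and the compiler does not warn about an ambiguous else. A short comment saying when a slot in orb->adaptors can be NULL would also help, and since g_ptr_array_index does no bounds checking and the visible lines do not show adaptorId being compared with the array length, it is worth confirming that check exists above this hunk.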
Any chance you can test / commit ? :-)
Comment 2 Kjartan Maraas 2006-01-13 10:35:03 UTC
Can I drop the unneeded () in the if ((adaptor = ...)))?
Comment 3 Kjartan Maraas 2006-01-13 10:37:07 UTC
Guess not since the compiler will complain then.
Comment 4 Kjartan Maraas 2006-01-17 12:59:21 UTC
Committed.
Comment 5 Michael Meeks 2006-01-26 10:33:17 UTC
*** Bug 328512 has been marked as a duplicate of this bug. ***
Comment 6 Michael Meeks 2006-01-26 10:33:57 UTC
*** Bug 327971 has been marked as a duplicate of this bug. ***