[
https://issues.apache.org/jira/browse/AXIS2C-1472?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12922591#action_12922591
]
Ivan Pechorin commented on AXIS2C-1472:
---------------------------------------
Hello
It seems like this particular change results in double-freeing of freed memory.
I hit it every time when processing a request with wrong URI (such as request
to non-existent or misspelled service).
The first time is when we free fault_ctx->soap_envelope (thanks to this patch),
here is the call stack:
> axiom.dll!axiom_soap_envelope_free(axiom_soap_envelope *
> soap_envelope=0x03a51020, const axutil_env * env=0x03a48478) Line 155 C
axis2_engine.dll!axis2_msg_ctx_free(axis2_msg_ctx * msg_ctx=0x03a52de0,
const axutil_env * env=0x03a48478)
msg_ctx.c:426
axis2_engine.dll!axis2_http_worker_process_request(axis2_http_worker *
http_worker=0x03a47700, const axutil_env * env=0x03a48478,
axis2_simple_http_svr_conn * svr_conn=0x03a484d0, axis2_http_simple_request *
simple_request=0x03a48580)
http_worker.c:1076
axis2_http_receiver.dll!axis2_svr_thread_worker_func(axutil_thread_t *
thd=0x03a48130, void * data=0x03a480e0) Line 270 + 0x15 bytes C
axutil.dll!dummy_worker(void * opaque=0x03a48130) Line 88 C
The second time we free the same soap envelope as msg_ctx->fault_soap_envelope
when called from http_worker.c, line 1830:
else
{
/* cases like HEAD, WSDL */
axis2_msg_ctx_free(msg_ctx, env);
}
Here is the corresponding call stack:
> axiom.dll!axiom_soap_envelope_free(axiom_soap_envelope *
> soap_envelope=0x03a51020, const axutil_env * env=0x03a48478) Line 155 C
axis2_engine.dll!axis2_msg_ctx_free(axis2_msg_ctx * msg_ctx=0x03a49e78,
const axutil_env * env=0x03a48478) Line 434 C
msg_ctx.c:431
axis2_engine.dll!axis2_http_worker_process_request(axis2_http_worker *
http_worker=0x03a47700, const axutil_env * env=0x03a48478,
axis2_simple_http_svr_conn * svr_conn=0x03a484d0, axis2_http_simple_request *
simple_request=0x03a48580) Line 1833 C
http_worker.cpp:1830
axis2_http_receiver.dll!axis2_svr_thread_worker_func(axutil_thread_t *
thd=0x03a48130, void * data=0x03a480e0) Line 270 + 0x15 bytes C
axutil.dll!dummy_worker(void * opaque=0x03a48130) Line 88 C
I had to revert this particular change from revision #961258 in my working
copy. And there are no problems with double freeing anymore after reverting.
Details of my platform:
- compiler: Visual C++ 2010, 32-bit release build
- OS: Windows 7 64-bit
P.S. If there is such need, I'll try to reproduce the problem on other
platforms, such as Linux, Solaris or HP-UX.
> in http_worker.c function axis2_http_worker_process_request(): if status ==
> AXIS2_FAILURE then engine and fault_ctx are not freed.
> ----------------------------------------------------------------------------------------------------------------------------------
>
> Key: AXIS2C-1472
> URL: https://issues.apache.org/jira/browse/AXIS2C-1472
> Project: Axis2-C
> Issue Type: Bug
> Components: core/transport
> Affects Versions: 1.7.0
> Environment: linux
> Reporter: Robert Springer
> Priority: Minor
> Fix For: 1.7.0
>
>
> in http_worker.c function axis2_http_worker_process_request(): if status ==
> AXIS2_FAILURE then engine and fault_ctx are not freed:
> axis2_http_status_line_free(tmp_stat_line, env);
> tmp_stat_line = NULL;
> }
> + axis2_engine_free(engine, env);
> +
> + if (fault_ctx)
> + {
> + axis2_msg_ctx_free(fault_ctx, env);
> + }
> }
> }
> else
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
