[ https://issues.apache.org/jira/browse/AXIS2C-1499?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Lazarski resolved AXIS2C-1499.
-------------------------------------
Fix Version/s: 2.0.0
(was: 1.7.0)
Resolution: Implemented
After thorough analysis, this issue (AXIS2C-1499) has already been fixed in the
current codebase.
The fix is at src/core/engine/engine.c line 666:
axis2_msg_ctx_set_fault_soap_envelope(processing_context, env, NULL);
When axis2_engine_create_fault_msg_ctx() takes ownership of the fault soap
envelope from processing_context, it clears the reference to NULL (line 666).
This prevents the double-free because:
1. fault_ctx->soap_envelope = the fault envelope
2. processing_context->fault_soap_envelope = NULL (cleared)
When both contexts are later freed:
- fault_ctx->soap_envelope is freed once
- processing_context->fault_soap_envelope is NULL, so nothing is freed
The original AXIS2C-1472 fix added freeing of fault_ctx but likely didn't
have the NULL clearing at that time, causing the double-free. The fix has since
been added.
No additional changes needed for AXIS2C-1499 - it's already resolved.
> double-freeing in axis2_http_worker_process_request()
> -----------------------------------------------------
>
> Key: AXIS2C-1499
> URL: https://issues.apache.org/jira/browse/AXIS2C-1499
> Project: Axis2-C
> Issue Type: Bug
> Components: core/transport
> Affects Versions: 1.7.0
> Environment: Windows 7, Visual Studio 2010, 32-bit build
> Reporter: Ivan Pechorin
> Priority: Major
> Fix For: 2.0.0
>
>
> It seems like change from svn revision #961258 (a fix for
> https://issues.apache.org/jira/browse/AXIS2C-1472 ), results in
> double-freeing of freed memory. I hit it every time when processing a request
> with wrong URI (such as request to non-existent or misspelled service).
> The first time is when we free fault_ctx->soap_envelope (thanks to this
> patch), here is the call stack:
> > axiom.dll!axiom_soap_envelope_free(axiom_soap_envelope *
> > soap_envelope=0x03a51020, const axutil_env * env=0x03a48478) Line 155 C
> axis2_engine.dll!axis2_msg_ctx_free(axis2_msg_ctx * msg_ctx=0x03a52de0,
> const axutil_env * env=0x03a48478)
> msg_ctx.c:426
> axis2_engine.dll!axis2_http_worker_process_request(axis2_http_worker *
> http_worker=0x03a47700, const axutil_env * env=0x03a48478,
> axis2_simple_http_svr_conn * svr_conn=0x03a484d0, axis2_http_simple_request *
> simple_request=0x03a48580)
> http_worker.c:1076
> axis2_http_receiver.dll!axis2_svr_thread_worker_func(axutil_thread_t *
> thd=0x03a48130, void * data=0x03a480e0) Line 270 + 0x15 bytes C
> axutil.dll!dummy_worker(void * opaque=0x03a48130) Line 88 C
> The second time we free the same soap envelope as
> msg_ctx->fault_soap_envelope when called from http_worker.c, line 1830:
> else
> {
>     /* cases like HEAD, WSDL */
>     axis2_msg_ctx_free(msg_ctx, env);
> }
> Here is the corresponding call stack:
> > axiom.dll!axiom_soap_envelope_free(axiom_soap_envelope *
> > soap_envelope=0x03a51020, const axutil_env * env=0x03a48478) Line 155 C
> axis2_engine.dll!axis2_msg_ctx_free(axis2_msg_ctx * msg_ctx=0x03a49e78,
> const axutil_env * env=0x03a48478) Line 434 C
> msg_ctx.c:431
> axis2_engine.dll!axis2_http_worker_process_request(axis2_http_worker *
> http_worker=0x03a47700, const axutil_env * env=0x03a48478,
> axis2_simple_http_svr_conn * svr_conn=0x03a484d0, axis2_http_simple_request *
> simple_request=0x03a48580) Line 1833 C
> http_worker.cpp:1830
> axis2_http_receiver.dll!axis2_svr_thread_worker_func(axutil_thread_t *
> thd=0x03a48130, void * data=0x03a480e0) Line 270 + 0x15 bytes C
> axutil.dll!dummy_worker(void * opaque=0x03a48130) Line 88 C
> I had to revert this particular change from revision #961258 in my working
> copy. And there are no problems with double freeing anymore after reverting.
> Details of my platform:
> - compiler: Visual C++ 2010, 32-bit release build
> - OS: Windows 7 64-bit
> P.S. If there is such need, I'll try to reproduce the problem on other
> platforms, such as Linux, Solaris or HP-UX.
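The ownership hand-off described in the resolution comment above, modelled as an added example that is not part of the original message and is not Axis2/C code. The types and functions (envelope_t, msg_ctx_t, create_fault_ctx, releases_for_fault_request) are hypothetical stand-ins, and releases are counted rather than performed so the unfixed path can be run safely:

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for illustration; these are not Axis2/C types. */
typedef struct { int releases; } envelope_t;   /* counts release calls */
typedef struct {
    envelope_t *soap_envelope;
    envelope_t *fault_soap_envelope;
} msg_ctx_t;

/* A real free() would corrupt the heap on the second call; count instead. */
static void envelope_release(envelope_t *e) { if (e) e->releases++; }

/* Like the context free in the report: releases every envelope it holds. */
static void ctx_free(msg_ctx_t *ctx) {
    envelope_release(ctx->soap_envelope);
    envelope_release(ctx->fault_soap_envelope);
    free(ctx);
}

/* The fault context takes over the fault envelope. With clear_source == 0
 * both contexts keep pointing at it (the reported double free). */
static msg_ctx_t *create_fault_ctx(msg_ctx_t *processing, int clear_source) {
    msg_ctx_t *fault = calloc(1, sizeof *fault);
    if (!fault) return NULL;
    fault->soap_envelope = processing->fault_soap_envelope;
    if (clear_source)
        processing->fault_soap_envelope = NULL;  /* hand-off complete */
    return fault;
}

/* Runs one fault request; returns how often the envelope was released. */
int releases_for_fault_request(int clear_source) {
    envelope_t envelope = {0};                   /* constructed sample object */
    msg_ctx_t *processing = calloc(1, sizeof *processing);
    if (!processing) return -1;
    processing->fault_soap_envelope = &envelope;
    msg_ctx_t *fault = create_fault_ctx(processing, clear_source);
    if (!fault) { free(processing); return -1; }
    ctx_free(fault);
    ctx_free(processing);
    return envelope.releases;
}

int main(void) {
    printf("without NULL clearing: %d releases\n", releases_for_fault_request(0));
    printf("with NULL clearing:    %d releases\n", releases_for_fault_request(1));
    return 0;
}
```

A release count above 1 for the same object is the double free; building the real code with AddressSanitizer or running it under Valgrind reports the same condition at the second free.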