[ https://issues.apache.org/jira/browse/AXIS2C-1590?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Lazarski resolved AXIS2C-1590.
-------------------------------------
Fix Version/s: 2.0.0 (was: 1.7.0)
Resolution: Fixed
The reference counting in axiom_attribute was broken. Attributes were
created with ref=0, but axiom_attribute_free used "if(--ref > 0)" which
caused incorrect behavior:
- With ref=0: decrement to -1, -1 > 0 = false, freed immediately
- After increment_ref (ref=1): decrement to 0, 0 > 0 = false, freed!
This meant increment_ref had no effect - the object was always freed
on the first free() call, causing double-free issues when multiple
owners tried to release their references.
Fix by initializing ref=1 on creation, matching axiom_namespace behavior
and standard reference counting semantics where creating an object gives
you a reference. This requires callers that transfer ownership (like
axiom_stax_builder) to release their reference after adding to an element.
Changes:
- axiom/src/om/om_attribute.c: Initialize ref=1 in both create functions
- axiom/src/om/om_stax_builder.c: Release attribute reference after adding
- src/core/clientapi/svc_client.c: Release attribute references after adding
> axiom_attribute reference counting broken
> -----------------------------------------
>
> Key: AXIS2C-1590
> URL: https://issues.apache.org/jira/browse/AXIS2C-1590
> Project: Axis2-C
> Issue Type: Bug
> Components: xml/om
> Affects Versions: 1.7.0
> Reporter: Sebastian Brandt
> Priority: Major
> Fix For: 2.0.0
>
>
> The reference counting in axiom_attribute seems to be broken.
> When created, om_element has ref = 0.
> When free is called the first time,
> if(--attribute->ref > 0)
> evaluates to false; thus, the instance is freed. So far OK.
> When axiom_attribute_increment_ref is called, the ref count is incremented.
> If axiom_attribute_free is called now, again, if(--attribute->ref > 0)
> evaluates to false, and the instance is freed.
> Now, which is the right way to use the instance?
> a) call _create, and _free
> b) call _create, _increment_ref, and _free once?
> c) call _create, _increment_ref, and _free twice? (currently results in
> duplicate free).
> As far as I can see, a and b both happen, though I'm sure the b case looks
> rather like having forgotten to call _free a second time.
> axiom_element_add_attribute:
>     axutil_hash_set(om_element->attributes, name, AXIS2_HASH_KEY_STRING, attribute);
>     axiom_attribute_increment_ref(attribute, env);
> axiom_element_free:
>     for each attribute in ->attributes:
>         axiom_attribute_free((axiom_attribute_t *)val, env);
> For _these_ attributes, no other call to axiom_attribute_free is done.
> In other cases, _create and _free are called without increment_ref.
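The counting behaviour discussed in this issue, as an added example that is not Axis2/C code: it models only the counter and the `if(--ref > 0)` release test, and counts destructor runs instead of calling free(). The names attr_model, attr_increment_ref, attr_free and destroy_count are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-in for axiom_attribute_t; only the counter is modelled. */
typedef struct {
    int ref;       /* reference count */
    int destroyed; /* times the destructor body ran; real code calls free() here */
} attr_model;

static void attr_increment_ref(attr_model *a) { a->ref++; }

/* Same release test as quoted in the issue: if(--ref > 0) keep the object. */
static void attr_free(attr_model *a) {
    if (--a->ref > 0)
        return;
    a->destroyed++;
}

/* One attribute is created, added to an element (which takes a reference),
 * optionally released by its creator, then released when the element is freed.
 * Returns the destructor count: 1 is correct, 2 is a double free, 0 is a leak. */
static int destroy_count(int initial_ref, bool creator_releases) {
    attr_model a = { initial_ref, 0 };  /* _create */
    attr_increment_ref(&a);             /* axiom_element_add_attribute */
    if (creator_releases)
        attr_free(&a);                  /* creator drops its reference */
    attr_free(&a);                      /* axiom_element_free */
    return a.destroyed;
}

int main(void) {
    printf("ref=0, creator frees:    %d\n", destroy_count(0, true));
    printf("ref=0, creator does not: %d\n", destroy_count(0, false));
    printf("ref=1, creator frees:    %d\n", destroy_count(1, true));
    printf("ref=1, creator does not: %d\n", destroy_count(1, false));
    return 0;
}
```

The last case shows why starting at ref=1 only works when callers that hand the attribute to an element also release their own reference: without that release the destructor never runs.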