Hi Guys,
I finally got a proper stack trace from glowcode.... Apparently my system path
had another version of the native enoatry libs then the ones with which the
application was build (that results in wrong stack info during the GlowCode
sessions). I don't know whether this leak was caused in my test application or
is a serious one. I'm gonna look into this.
Regards, Wouter
GlowCode Leaks -- C:\Development\cordys\eNotary
mntc\projects\enotary\enotaryservices\src\cpp\testapp\Debug\testapp.exe, Wed
Mar 15 09:29:19 2006
-a block @0xC08F30, 66 bytes, malloc called from xmlBufferCreateSize(); file
..\tree.c; line 6620 + 8 bytes; module libENotaryService.dll; 0x4F3B6A :
lReq:3890
-find pointers to this block
No pointers found, probable MEMORY LEAK!
-call stack during allocation
caller(1): xmlBufferCreateSize(); file ..\tree.c; line 6620 + 13 bytes;
module libENotaryService.dll; 0x4F3B6F
caller(2): xmlNodeGetContent(); file ..\tree.c; line 5045 + 7 bytes;
module libENotaryService.dll; 0x4F18B1
caller(3): eslGetIfAcceptedDocumentsRequiredFromRequest(); file
c:\development\cordys\enotary
mntc\projects\enotary\enotaryservices\src\cpp\libenotaryservice\src\enotaryservice.c;
line 713 + 9 bytes; module libENotaryService.dll; 0x4E9165
caller(4): dbGetGetDocumentsInfo(); file c:\development\cordys\enotary
mntc\projects\enotary\enotaryservices\src\cpp\enoservice\src\db.c; line 954 +
19 bytes; module enoservice.dll; 0x3B6376
caller(5): runTest1(); file c:\development\cordys\enotary
mntc\projects\enotary\enotaryservices\src\cpp\testapp\main.cpp; line 93 + 20
bytes; module testapp.exe; 0x401296
caller(6): main(); file c:\development\cordys\enotary
mntc\projects\enotary\enotaryservices\src\cpp\testapp\main.cpp; line 107 + 12
bytes; module testapp.exe; 0x401324
caller(7): mainCRTStartup(); file
f:\vs70builds\3077\vc\crtbld\crt\src\crt0.c; line 259 + 25 bytes; module
testapp.exe; 0x404330
caller(8): RegisterWaitForInputIdle(); + 73 bytes; module kernel32.dll;
0x7C816D4F
-dump bytes
00C08F30 79 65 73 00 CD CD CD CD CD CD CD CD CD CD CD CD
yes. ÍÍÍÍÍÍÍÍÍÍÍÍ
00C08F40 CD CD CD CD CD CD CD CD CD CD CD CD CD CD CD CD
ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ
00C08F50 CD CD CD CD CD CD CD CD CD CD CD CD CD CD CD CD
ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ
00C08F60 CD CD CD CD CD CD CD CD CD CD CD CD CD CD CD CD
ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ
00C08F70 CD CD ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??
ÍÍ. . . . . . . . . . . . . .
-dump dwords
00C08F30 00736579 CDCDCDCD CDCDCDCD CDCDCDCD
00C08F70 CDCDCDCD CDCDCDCD CDCDCDCD CDCDCDCD
00C08FB0 CDCDCDCD CDCDCDCD CDCDCDCD CDCDCDCD
00C08FF0 CDCDCDCD CDCDCDCD CDCDCDCD CDCDCDCD
00C09030 FDFDCDCD ???????? ???????? ????????
Leaks found, 1 blocks, 66 bytes
-----Original Message-----
From: Berin Lautenbach [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 15, 2006 9:13
To: security-dev@xml.apache.org
Subject: Re: TLP Resolution
Thoughts welcome :>.
Berin Lautenbach wrote:
> OK - I'm going to take the idea to the board.
>
> Before I do - we need a couple of things.
>
> 1. A name. I'd personally be against anything fancy or non-obvious.
> But I don't really want to use "Apache Security" as I think it will
> get too confusing against the security group within the ASF (the group
> that looks after security bug reports etc.) "Apache Infosec"?
> "Apache Secure"? Obviously there is a reason I never went into
> marketing :>.
>
> 2. A scope. Probably not hard. "...open-source software related to
> security..." is a good place to start I suspect :>.
>
> I also wouldn't mind to take some first steps as to what we want to
> do. Obviously set up xml-security and JuiCE, but I'd personally like
> to see the ASF become a source of best practice for security software
> as well. Longer term - but an interesting goal for a tlp within the
> ASF. And if we are going to use this as an exercise in raising
> interest in what we are doing inside/outside the ASF, then we want to
> think about what kind of message we want to give people when the
> project goes to top level.
>
> I'd also like to use it as a central point people can go to in order
> to see all security related software in the ASF. Not to have projects
> like WS-Security under the security project, but to have links to
> other projects/efforts in the ASF that are related to security
> software.
>
> Thoughts welcome!
>
> Cheers,
> Berin
>
> Ben Laurie wrote:
>
>
>>Davanum Srinivas wrote:
>>
>>
>>>Dear Ben and Dear Ben,
>>>
>>>what do you guys think? A Security Federation/TLP/PMC. Starting with
>>>Apache XML-Security and Apache Juice.
>>
>>
>>It sounds like a very good idea to me, I'd certainly support it. Of
>>course, we already have a CA. Written in, errr, perl :-)
>>
>>Cheers,
>>
>>Ben.
>>
>>
>>
>>>thanks,
>>>-- dims
>>>
>>>On 3/11/06, Berin Lautenbach <[EMAIL PROTECTED]> wrote:
>>>
>>>
>>>>I would be interested in widening it as well - with the proviso that
>>>>it is like a federation. I.e. we use it to seed projects then build
>>>>them and spawn them into TLPs once they grow to size.
>>>>
>>>>I might start sounding some people out.
>>>>
>>>>Dims - what's your thoughts?
>>>>
>>>>On the subject - having spent the most of Saturday searching for a
>>>>decent Open Source CA, I'd now be interested in building one that
>>>>doesn't use &[EMAIL PROTECTED] perl. I.e. do the core in C++ with perl/PHP
>>>>being used for the interfacing only.
>>>>
>>>>Cheers,
>>>> Berin
>>>>
>>>>Werner Dittmann wrote:
>>>>
>>>>
>>>>
>>>>>+1 from me.
>>>>>
>>>>>Just a comment regarding the charter: is it really only Apache XML
>>>>>Security? IMHO this would be a bit too narrow, for example JuiCE is
>>>>>not dependent on XML, maybe other security related software will be
>>>>>pop up later as well.
>>>>>
>>>>>I would like to see an "Apache Security" PMC that would address all
>>>>>kind of security relevant software and act as a solid base to
>>>>>deliver security functions to other Apache projects. Also we may
>>>>>think to browse existing Apache projects to see if there is already
>>>>>software (maybe even multiply implemented) and pool them here.
>>>>>
>>>>>BTW, I would be happy to be a part of this activity.
>>>>>
>>>>>Regards,
>>>>>Werner
>>>>>
>>>>>Berin Lautenbach wrote:
>>>>>
>>>>>
>>>>>
>>>>>>Peoples,
>>>>>>
>>>>>>Sometime back we talked about becoming a TLP. With the recent
>>>>>>JuiCE efforts, + JSR 105 + XKMS we are starting to see a few
>>>>>>different things occuring. I'd be hugely in favour of starting
>>>>>>something at a higher level in Apache to get some visibility.
>>>>>>
>>>>>>I'm also toying with the idea of creating a broader security
>>>>>>project/federation to encourage that kind of software within the
>>>>>>ASF.
>>>>>>
>>>>>>Thoughts?
>>>>>>
>>>>>>Draft proposal for the board below. If we want to do this - all
>>>>>>active committers will need to vote either on this or on a broader
>>>>>>(or even
>>>>>>narrower!) charter terms of reference that we all can agree to.
>>>>>>
>>>>>>Cheers,
>>>>>> Berin
>>>>>>
>>>>>>
>>>>>>
>>>>>> WHEREAS, the Board of Directors deems it to be in the best
>>>>>> interests of the Foundation and consistent with the
>>>>>> Foundation's purpose to establish a Project Management
>>>>>> Committee charged with the creation and maintenance of
>>>>>> open-source software related to XML security technologies,
>>>>>> for distribution at no charge to the public.
>>>>>>
>>>>>> NOW, THEREFORE, BE IT RESOLVED, that a Project Management
>>>>>> Committee (PMC), to be known as the "Apache XML Security PMC",
>>>>>> be and hereby is established pursuant to Bylaws of the
>>>>>> Foundation; and be it further
>>>>>>
>>>>>> RESOLVED, that the Apache XML Security PMC be and hereby is
>>>>>> responsible for the creation and maintenance of software
>>>>>> related to creation and maintenance of open-source software
>>>>>> related to XML security technologies based on software licensed
>>>>>> to the Foundation; and be it further
>>>>>>
>>>>>> RESOLVED, that the office of "Vice President, Apache XML
>>>>>> Security" be and hereby is created, the person holding such
>>>>>> office to serve at the direction of the Board of Directors as
>>>>>> the chair of the Apache XML Security PMC, and to have primary
>>>>>> responsibility for management of the projects within the scope
>>>>>> of responsibility of the Apache XML Security PMC; and be it
>>>>>> further
>>>>>>
>>>>>> RESOLVED, that the persons listed immediately below be and
>>>>>> hereby are appointed to serve as the initial members of the
>>>>>> Apache XML Security PMC:
>>>>>>
>>>>>>
>>>>>>
>>>>>> <!-- List out all committers in format of
>>>>>> Berin Lautenbach <[EMAIL PROTECTED]>
>>>>>> -->
>>>>>>
>>>>>>
>>>>>> NOW, THEREFORE, BE IT FURTHER RESOLVED, than ??
>>>>>> <[EMAIL PROTECTED]> appointed to the office of Vice President,
>>>>>> Apache XML Security, to serve in accordance with and subject
>>>>>> to the direction of the Board of Directors and the Bylaws of the
>>>>>> Foundation until death, resignation, retirement, removal or
>>>>>> disqualification, or until a successor is appointed; and be it
>>>>>> further
>>>>>>
>>>>>> RESOLVED, that the initial Apache XML Security PMC be and hereby
>>>>>> is tasked with the creation of a set of bylaws intended to
>>>>>> encourage open development and increased participation in the
>>>>>> Apache XML Security Project; and be it further
>>>>>>
>>>>>> RESOLVED, that the initial Apache XML Security PMC be and hereby
>>>>>> is tasked with the migration and rationalization of the Apache
>>>>>> XML PMC XML Security subproject; and be it further
>>>>>>
>>>>>> RESOLVED, that all responsibility pertaining to the XML XML
>>>>>> Security sub-project and encumbered upon the Apache XML PMC are
>>>>>> hereafter discharged.
>>>>>>
>>>>>
>>>>>
>>>>>
>>>--
>>>Davanum Srinivas : http://wso2.com/blogs/
>>>
>>>
>>
>>
>>
>
>
***************************************************************************************************
The information in this message is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this message by anyone else
is
unauthorized. If you are not the intended recipient, any disclosure, copying,
or
distribution of the message, or any action or omission taken by you in reliance
on it is prohibited and may be unlawful. Please immediately contact the sender
if
you have received this message in error. This email does not constitute any
commitment from Cordys Holding BV or any of its subsidiaries except when
expressly agreed in a written agreement between the intended recipient and
Cordys Holding BV or its subsidiaries.
***************************************************************************************************
