'HPUX-DEVTOOLS: Problem with DCE'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       hpux-devtools
Subject:    HPUX-DEVTOOLS: Problem with DCE
From:       Adam Markiewicz <Adam.Markiewicz () alcatel ! pl>
Date:       2002-12-09 15:10:56
[Download RAW message or body]

Hello.

I don't know where to search for help.
I have a big problem with a big project using DCE library for
communication with external application.
The problem is when I try to unregister my DCE server. After I've
installed an additional utility to trace every memory allocation / free
I get a core dump generated by this utility. The project is
multithreaded (kernel threads). However thread synchronization was
designed with care, so parallel execution is unlikely to be a problem.

Here's backtrace from gdb:

Program terminated with signal 11, Segmentation fault.
#0  0x7f7a2948 in kill () from /usr/lib/libc.2
(gdb) bt
#0  0x7f7a2948 in kill () from /usr/lib/libc.2
#1  0x7f73c7e8 in raise () from /usr/lib/libc.2
#2  0x519d8 in Abort_On_Freeing_Unallocated_Memory (mm=0x40003e60,
ptr=0x7ee59668) at aborts.cpp:18
#3  0x51330 in free ()
#4  0x7ef817dc in destroy_node () from /usr/lib/libdcekt.1
#5  0x7ef8192c in destroy_dir () from /usr/lib/libdcekt.1
#6  0x7ef839a8 in dms_unregister_subsys () from /usr/lib/libdcekt.1
#7  0x7eea92d8 in rpc__server_unregister_if_int () from
/usr/lib/libdcekt.1
#8  0x7eea96e0 in rpc_server_unregister_if () from /usr/lib/libdcekt.1
#9  0x7f2c6b4c in RegisterServer::UnRegisterServer (this=0x402efbe0,
nBackLevel=10)

The first very interesting thing is the address being freed. 0x7... is
very unlikely to come from malloc(). I've observer three situations that
give this address:
1. automatic variables on stack
2. statically declared objects
3. pointer returned from mmap() (however it should be freed with
munmap(), not free())

Let us test further:

(gdb) frame 2
#2  0x519d8 in Abort_On_Freeing_Unallocated_Memory (mm=0x40003e60,
ptr=0x7ee59668) at aborts.cpp:18
18      in aborts.cpp
(gdb) print *(char(*)[64])ptr
$1 =
"mgmt\000\000\000\000rpc__mgmt_inq_if_ids\000\000\000\000rpc__mgmt_inq_stats\000\000\000\000\000rpc__mgm"

We're going somewhere. This seems to be a string. (followed by another
string).
As far as I know the DCE mechanisms these are names of functions from
DCE interface, remembered internally by the library, so I even do not
have access to them from my code. It looks to me, like DCE is trying to
free() internal globals. Is there a patch for it? I've installed
already PHSS_20444 and PHSS_20446. I use dcekt.1

Looking for any help

Adam
 _________________________________________________________________
 To leave this mailing list, send mail to majordomo@cxx.cup.hp.com
    with the message UNSUBSCRIBE hpux-devtools
 _________________________________________________________________
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic