Bug 49557 - index error in the loop to get the env info in the proc.create function
Summary: index error in the loop to get the env info in the proc.create function
Status: RESOLVED FIXED
Alias: None
Product: Tomcat Native
Classification: Unclassified
Component: Library
Version: 1.1.19
Hardware: PC Windows XP
Importance: P2 critical
Target Milestone: ---
Assignee: Tomcat Developers Mailing List
URL:
Keywords:
Duplicates: 49556
Depends on:
Blocks:
 
Reported: 2010-07-05 22:03 UTC by lanyuflying
Modified: 2011-01-07 03:28 UTC

Attachments
Patch for proc.c of native/1.1.x. (not tested) (760 bytes, patch)
2011-01-06 18:17 UTC, Konstantin Kolinko
Description lanyuflying 2010-07-05 22:03:58 UTC
line 232: s_env[i+1] = tcn_get_string(e, str);

This will crash the Java VM with an access violation error.
Comment 1 jfclere 2011-01-06 11:49:54 UTC
What are you trying to do?
Comment 2 Konstantin Kolinko 2011-01-06 18:15:41 UTC
He tries to launch an external program with a Proc.create() call, I think.

I see two problems in the current implementation of Proc::create in proc.c of native 1.1:

1)
    if (env)
        es = (*e)->GetArrayLength(e, args);
calculates the length of the "args" array, where the "env" array is expected. I think it is the actual cause of the access violation error.

2)
            s_env[i+1] = tcn_get_string(e, str);
as OP noted, should be
            s_env[i] = tcn_get_string(e, str);

Note that if the "[i+1]" in the code were correct, there is the
        s_env[i++] = apr_psprintf(p, TCN_PARENT_IDE "=%d", getpid());
assignment later, which will overwrite the last env. variable value in that case.


This is probably not an error:
I see a cycle of free() calls to clear the s_env values. I do not see a free() call for the value assigned with
  s_env[i++] = apr_psprintf(p, TCN_PARENT_IDE "=%d", getpid());
Probably that is not needed, because it was allocated from a pool?
Comment 3 Konstantin Kolinko 2011-01-06 18:17:54 UTC
Created attachment 26464 [details]
Patch for proc.c of native/1.1.x. (not tested)
Comment 4 Konstantin Kolinko 2011-01-06 21:22:50 UTC
*** Bug 49556 has been marked as a duplicate of this bug. ***
Comment 5 jfclere 2011-01-07 03:22:10 UTC
The free() calls are needed, as tcn_get_string() makes a malloc().
Comment 6 jfclere 2011-01-07 03:28:39 UTC
Fixed by r1056218
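The corrected shape of the env-building loop discussed in Comment 2 and Comment 5, as an added stand-alone C example and not the tcnative proc.c code: it takes the count from the env array rather than args, writes s_env[i] rather than s_env[i+1], appends the parent-pid entry from non-malloc memory (a stand-in for apr_psprintf's pool allocation) and frees only the malloc'd copies. get_string_dup, build_env, free_env, pool_buf and the TCN_PARENT_IDE value are assumptions, since the real JNI and APR calls are not available here.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Placeholder for the real tcnative macro; the actual value is in its headers. */
#define TCN_PARENT_IDE "TCN_PARENT_IDE"

/* Stand-in for tcn_get_string(): returns a malloc()'d copy, so the caller
 * must free() it later (this is why the free() loop over s_env is needed). */
static char *get_string_dup(const char *s)
{
    size_t n = strlen(s) + 1;
    char *copy = malloc(n);
    if (copy) memcpy(copy, s, n);
    return copy;
}

/* Stand-in for pool memory (apr_psprintf): owned elsewhere, never free()'d. */
static char pool_buf[64];

/* Frees only the malloc()'d entries (the pool entry is left alone) and the array. */
static void free_env(char **s_env, int n_malloced)
{
    int i;
    for (i = 0; i < n_malloced; i++) free(s_env[i]);
    free(s_env);
}

/* Builds a NULL-terminated env array for the child process.
 * Returns the number of entries before the terminator, or -1 on failure. */
static int build_env(const char *const *env, int env_len, int parent_pid,
                     char ***out)
{
    /* env_len entries + the TCN_PARENT_IDE entry + the NULL terminator. */
    char **s_env = calloc((size_t)env_len + 2, sizeof(char *));
    int i;
    if (!s_env) return -1;
    /* The bound must come from the env array (the bug used the args length). */
    for (i = 0; i < env_len; i++) {
        s_env[i] = get_string_dup(env[i]);   /* s_env[i], not s_env[i+1] */
        if (!s_env[i]) { free_env(s_env, i); return -1; }
    }
    snprintf(pool_buf, sizeof pool_buf, TCN_PARENT_IDE "=%d", parent_pid);
    s_env[i++] = pool_buf;                   /* pool memory: not free()'d */
    s_env[i] = NULL;
    *out = s_env;
    return i;
}
```

With the original i+1 indexing, the last env entry would have landed in the slot that the parent-pid assignment then overwrites, which is the overwrite Comment 2 describes.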