| Bug#: 230 | Product: JacORB | Version: 1.4 beta 4 | Platform: PC |
| OS/Version: Windows 2000 | Status: RESOLVED | Severity: blocker | Priority: P2 |
| Resolution: FIXED | Assigned To: gerald.brose@acm.org | Reported By: jaeger@varial.de | |
| Component: ORB | |||
| URL: | |||
| Summary: Marshalling, CDROutputStream, write behind buffer | |||
| Opened: 2002-07-19 15:47 | |||
| Description: | Opened: 2002-07-19 15:47 |
Jacorb produces the following exception in some cases which are actually hard
to
reproduce and have been only discovered by chance.
Obviously something is wrong with the buffer size/position/index in the method
check ...
Only when a certain amount of data is transferred this happens; since I don't
know the Jacorb internals it is impossible for me to produce a simple example.
############################ StackTrace ############################
java.lang.ArrayIndexOutOfBoundsException
at org.jacorb.orb.CDROutputStream.check(CDROutputStream.java:337)
at
org.jacorb.orb.CDROutputStream.write_short(CDROutputStream.java:1105)
at
com.varial.accounting.invoiceallocation.InvoiceAllocationOpenItemStructHelper.write(InvoiceAllocationOpenItemStructHelper.java:75)
at
com.varial.accounting.invoiceallocation.InvoiceAllocationOpenItemSeqHelper.write(InvoiceAllocationOpenItemSeqHelper.java:47)
at
com.varial.accounting.invoiceallocation.InvoiceAllocationServantPOA._invoke(InvoiceAllocationServantPOA.java:439)
at
org.jacorb.poa.RequestProcessor.invokeOperation(RequestProcessor.java:239)
at org.jacorb.poa.RequestProcessor.process(RequestProcessor.java:456)
at org.jacorb.poa.RequestProcessor.run(RequestProcessor.java:581)
Please find a patch below:
*** CDROutputStream.java.org Mon Jul 29 07:33:16 2002
--- CDROutputStream.java Tue Aug 6 09:18:01 2002
***************
*** 341,355 ****
//at maximum, there are 8 bytes of padding. the following
//is (supposed to be :-) faster than using a for-loop
! buffer[ pos ] = (byte) 0;
! buffer[ pos + 1 ] = (byte) 0;
! buffer[ pos + 2 ] = (byte) 0;
! buffer[ pos + 3 ] = (byte) 0;
! buffer[ pos + 4 ] = (byte) 0;
! buffer[ pos + 5 ] = (byte) 0;
! buffer[ pos + 6 ] = (byte) 0;
! buffer[ pos + 7 ] = (byte) 0;
!
index += remainder;
pos += remainder;
}
--- 341,354 ----
//at maximum, there are 8 bytes of padding. the following
//is (supposed to be :-) faster than using a for-loop
!
! // but check does not check for 8 bytes ...
! int topad = Math.min(buffer.length - pos, 8);
! for (int j = 0; j < topad; j++)
! {
! buffer[ pos + j ] = (byte) 0;
! }
!
index += remainder;
pos += remainder;
}