Bug 49557

Summary: index error in the loop to get the env info in the proc.create function
Product: Tomcat Native
Reporter: lanyuflying
Component: Library
Assignee: Tomcat Developers Mailing List <dev>
Status: RESOLVED FIXED    
Severity: critical    
Priority: P2    
Version: 1.1.19   
Target Milestone: ---   
Hardware: PC   
OS: Windows XP   
Attachments: Patch for proc.c of native/1.1.x. (not tested)

Description lanyuflying 2010-07-05 22:03:58 UTC
Line 232: s_env[i+1] = tcn_get_string(e, str);

This will crash the Java VM with an access violation error.
Comment 1 jfclere 2011-01-06 11:49:54 UTC
What are you trying to do?
Comment 2 Konstantin Kolinko 2011-01-06 18:15:41 UTC
He tries to launch an external program with a Proc.create() call, I think.

I see two problems in the current implementation of Proc::create in proc.c of native 1.1:

1)
    if (env)
        es = (*e)->GetArrayLength(e, args);
calculates the length of the "args" array, where the "env" array is expected. I think it is the actual cause of the access violation error.

2)
            s_env[i+1] = tcn_get_string(e, str);
as OP noted, should be
            s_env[i] = tcn_get_string(e, str);

Note that if the "[i+1]" in the code were correct, there is a
        s_env[i++] = apr_psprintf(p, TCN_PARENT_IDE "=%d", getpid());
assignment later, which will overwrite the last env. variable value in that case.


This is probably not an error:
I see a loop of free() calls to clear the s_env values. I do not see a free() call for the value assigned with
  s_env[i++] = apr_psprintf(p, TCN_PARENT_IDE "=%d", getpid());
Probably that is not needed, because it was allocated from a pool?
Comment 3 Konstantin Kolinko 2011-01-06 18:17:54 UTC
Created attachment 26464
Patch for proc.c of native/1.1.x. (not tested)
Comment 4 Konstantin Kolinko 2011-01-06 21:22:50 UTC
*** Bug 49556 has been marked as a duplicate of this bug. ***
Comment 5 jfclere 2011-01-07 03:22:10 UTC
The free() calls are needed, as tcn_get_string does a malloc().
Comment 6 jfclere 2011-01-07 03:28:39 UTC
Fixed by r1056218
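
The two defects discussed in this thread (a length taken from the wrong array, and writes at index i+1) both come down to sizing and indexing the output block from the same source. The following is an added example, not code from proc.c or from the attached patch: plain C with malloc() stands in for the JNI and APR calls, and build_env, free_env, dup_string and PARENT_VAR are hypothetical names. Unlike the code quoted above, the parent-id entry is heap-allocated too, so a single loop frees every entry.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PARENT_VAR "EXAMPLE_PARENT_ID"  /* hypothetical variable name */

/* malloc()-backed copy, standing in for what tcn_get_string() returns. */
static char *dup_string(const char *s)
{
    size_t n = strlen(s) + 1;
    char *d = malloc(n);
    return d ? memcpy(d, s, n) : NULL;
}

/* Free every entry up to the NULL terminator, then the array itself. */
void free_env(char **s_env)
{
    for (size_t i = 0; s_env != NULL && s_env[i] != NULL; i++)
        free(s_env[i]);
    free(s_env);
}

/*
 * Build a NULL-terminated block from env[0..env_len) plus one parent-id
 * entry. The slot count comes from env_len itself, never from the length
 * of another array, and entry i of the input lands in slot i of the output.
 */
char **build_env(const char *const *env, size_t env_len, long parent_pid)
{
    size_t i;
    char buf[64];
    char **s_env = calloc(env_len + 2, sizeof(*s_env)); /* +parent id, +NULL */

    if (s_env == NULL)
        return NULL;
    for (i = 0; i < env_len; i++) {
        if ((s_env[i] = dup_string(env[i])) == NULL)
            goto fail;
    }
    snprintf(buf, sizeof(buf), PARENT_VAR "=%ld", parent_pid);
    if ((s_env[i] = dup_string(buf)) == NULL)   /* first free slot: env_len */
        goto fail;
    return s_env;                               /* slot env_len+1 is NULL */
fail:
    free_env(s_env);
    return NULL;
}
```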