DM368 IPNC - ONVIF code crashes / SIGSEGVs + some questions

Rather similar to this old post, the ONVIF code in our IPNC SDK crashes with memory corruption errors whenever we get the network configuration with ONVIF Device Manager.

I have applied the gSOAP fix suggested in that link, but with no result.

The console output / log is here, you can see the ONVIF request come in, get processed & returned, but something goes a bit wrong in the process. As you can see, I've added various debug prints to try and track what's happening:


[onvif] received from IP
[s:Envelope]:192.168.2.108
[onvif] --> (POST /onvif/services HTTP/1.1 Content-Type: application/soap+xml; charset=utf-8; action="http://www.onvif.org/ver10/device/wsdl/GetNetworkDefaultGateway" Host: 192.168.2.168 Content-Length: 265 Accept-Encoding: gzip, deflate <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"><s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"><GetNetworkDefaultGateway xmlns="http://www.onvif.org/ver10/device/wsdl"/></s:Body></s:Envelope>)
[Bob] soap_malloc - Setting canary for 0x4ed480 of 112 bytes at 0x4ed4ee
[Bob] soap_malloc - Setting canary for 0x4ed518 of 68 bytes at 0x4ed55a
[SOAP] soap_element_begin_in tag SOAP-ENV:Envelope
[SOAP] soap_peek_element - tag-> s:Envelope Begin element found (level=1) 's:Envelope'='SOAP-ENV:Envelope', type='(null)'
[SOAP] soap_element_begin_in tag SOAP-ENV:Header
[SOAP] soap_peek_element - tag-> s:Envelope
[SOAP] soap_element_begin_in tag SOAP-ENV:Body
[SOAP] soap_peek_element Soap is peeked! Begin element found (level=2) 's:Body'='SOAP-ENV:Body', type='(null)'
[SOAP] soap_peek_element - tag-> s:Body
[Bob] - ONVIF: soap_serve_request - Got GetNetworkDefaultGateway, lookupindex = 4
[Bob] - ONVIF: soap_serve_request - Looking up SERVICE_DEVICE soap_id_enter Loc=0xbec64b4c looks wrong, resetting to NULL
[SOAP] soap_element_begin_in tag tds:GetNetworkDefaultGateway
[SOAP] soap_peek_element Soap  is peeked! Begin element found (level=2) 'GetNetworkDefaultGateway'='tds:GetNetworkDefaultGateway', type='(null)'
[SOAP] soap_element_begin_in tag tds:GetNetworkDefaultGateway
[SOAP] soap_peek_element Soap  is peeked! Begin element found (level=2) 'GetNetworkDefaultGateway'='tds:GetNetworkDefaultGateway', type=''
[Bob] onvif_src/onvif.c __tds__GetNetworkDefaultGateway(2968) - _GatewayAddress = 192.168.2.254
[Bob] soap_malloc - Setting canary for 0x4edb98 of 8 bytes at 0x4edb9e
[Bob] soap_malloc - Setting canary for 0x4edbe0 of 8 bytes at 0x4edbe6
[Bob] soap_malloc - Setting canary for 0x4edc10 of 104 bytes at 0x4edc76
[Bob] - onvif_src/onvifC.c:soap_serializeheader() - 28
[Bob] - onvif_src/onvifC.c:soap_serializeheader() - 31
[Bob] - onvif_src/stdsoap2.c:soap_reference() - 6998
[Bob] - onvif_src/stdsoap2.c:soap_pointer_lookup() - 6676 Lookup location=0x4edb98 type=5358
[Bob] - onvif_src/stdsoap2.c:soap_reference() - 6998
[Bob] - onvif_src/stdsoap2.c:soap_pointer_lookup() - 6676 Lookup location=0x4edc10 type=4 Element begin tag='SOAP-ENV:Envelope' @0x467db0 Element begin tag='SOAP-ENV:Body' @0x467db0
[Bob] - onvif_src/stdsoap2.c:soap_embed() - 6649
[Bob] - onvif_src/stdsoap2.c:soap_pointer_lookup() - 6676 Lookup location=0xbec64b48 type=5242
[Bob] Lookup location=0xbec64b48 is out of bounds
[Bob] - onvif_src/stdsoap2.c:soap_embedded_id() - 7057 Element begin tag='tds:GetNetworkDefaultGatewayResponse' @0x467db0
[Bob] - onvif_src/stdsoap2.c:soap_element_id() - 9727
[Bob] - onvif_src/stdsoap2.c:soap_embedded_id() - 7057 Element begin tag='tds:NetworkGateway' @0x467db0
[Bob] - onvif_src/stdsoap2.c:soap_element_id() - 9727 Element begin tag='tt:IPv4Address' @0x467db0 Element begin tag='SOAP-ENV:Envelope' @0x467db0 Element begin tag='SOAP-ENV:Body' @0x467db0
[Bob] - onvif_src/stdsoap2.c:soap_embed() - 6649
[Bob] - onvif_src/stdsoap2.c:soap_pointer_lookup() - 6676 Lookup location=0xbec64b48 type=5242
[Bob] Lookup location=0xbec64b48 is out of bounds
[Bob] - onvif_src/stdsoap2.c:soap_embedded_id() - 7057 Element begin tag='tds:GetNetworkDefaultGatewayResponse' @0x467db0
[Bob] - onvif_src/stdsoap2.c:soap_element_id() - 9727
[Bob] - onvif_src/stdsoap2.c:soap_embedded_id() - 7057 Element begin tag='tds:NetworkGateway' @0x467db0
[Bob] - onvif_src/stdsoap2.c:soap_element_id() - 9727 Element begin tag='tt:IPv4Address' @0x467db0
[onvif] fsend 2884 @ 0x467db0 - bufsize = 10240
[onvif] fsend 2884 @ 0x467db0 - Content START>>> HTTP/1.1 200 OK Server: gSOAP/2.8 Content-Type: application/soap+xml; charset=utf-8; action="http://www.onvif.org/ver10/device/wsdl/GetNetworkDefaultGateway" Content-Length: 2680 Connection: close <?xml version="1.0" encoding="UTF-8"?> <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://www.w3.org/2003/05/soap-envelope" xmlns:SOAP-ENC="http://www.w3.org/2003/05/soap-encoding" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:c14n="http://www.w3.org/2001/10/xml-exc-c14n#" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:dn="http://www.onvif.org/ver10/network/wsdl" xmlns:wsa5="http://www.w3.org/2005/08/addressing" xmlns:xmime="http://tempuri.org/xmime.xsd" xmlns:xop="http://www.w3.org/2004/08/xop/include" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:tt="http://www.onvif.org/ver10/schema" xmlns:wsrfbf="http://docs.oasis-open.org/wsrf/bf-2" xmlns:wsnt="http://docs.oasis-open.org/wsn/b-2" xmlns:wstop="http://docs.oasis-open.org/wsn/t-1" xmlns:d="http://schemas.xmlsoap.org/ws/2005/04/discovery" xmlns:ns2="http://www.onvif.org/ver10/network/wsdl/RemoteDiscoveryBinding" xmlns:ns3="http://www.onvif.org/ver10/network/wsdl/DiscoveryLookupBinding" xmlns:ns1="http://www.onvif.org/ver10/network/wsdl" xmlns:ns4="http://www.onvif.org/ver20/analytics/wsdl/RuleEngineBinding" xmlns:ns5="http://www.onvif.org/ver20/analytics/wsdl/AnalyticsEngineBinding" xmlns:ns6="http://docs.oasis-open.org/wsn/b-2" xmlns:ns7="http://docs.oasis-open.org/wsn/t-1" xmlns:ns9="http://www.onvif.org/ver10/events/wsdl/EventBinding" xmlns:tet="http://www.onvif.org/ver10/events/wsdl" xmlns:tan="http://www.onvif.org/ver20/analytics/wsdl" 
xmlns:tad="http://www.onvif.org/ver10/analyticsdevice/wsdl" xmlns:tds="http://www.onvif.org/ver10/device/wsdl" xmlns:timg="http://www.onvif.org/ver20/imaging/wsdl" xmlns:tls="http://www.onvif.org/ver10/display/wsdl" xmlns:tmd="http://www.onvif.org/ver10/deviceIO/wsdl" xmlns:tptz="http://www.onvif.org/ver20/ptz/wsdl" xmlns:trc="http://www.onvif.org/ver10/recording/wsdl" xmlns:trp="http://www.onvif.org/ver10/replay/wsdl" xmlns:trt="http://www.onvif.org/ver10/media/wsdl" xmlns:trv="http://www.onvif.org/ver10/receiver/wsdl" xmlns:tse="http://www.onvif.org/ver10/search/wsdl" xmlns:ter="http://www.onvif.org/ver10/error" xmlns:tns1="http://www.onvif.org/ver10/topics" xmlns:dis="http://docs.oasis-open.org/ws-dd/ns/discovery/2009/01"><SOAP-ENV:Body><tds:GetNetworkDefaultGatewayResponse><tds:NetworkGateway><tt:IPv4Address>192.168.2.254</tt:IPv4Address></tds:NetworkGateway></tds:GetNetworkDefaultGatewayResponse></SOAP-ENV:Body></SOAP-ENV:Envelope> <<< END
[SOAP_MEM_DEBUG] soap_dealloc 7509 Data corruption in dynamic allocation (see logs) -->
[SOAP] tag = s:Envelope, q=0x4edba0, f=0x4edc78
[Bob] boa soap_dealloc 7528
[SOAP_MEM_DEBUG] soap_dealloc 7509 Data corruption in dynamic allocation (see logs) -->
[SOAP] tag = s:Envelope, q=0x4edba0, f=0x4edba0
[Bob] boa soap_dealloc 7528
[Bob] buffer.c 257 - Buffer start (nil) == buffer end (nil)


I also have a question about the code in stdsoap2.c - it seems to use the register keyword a lot (as well as static) but I can't see a good reason to do so for a lot of the cases. Does anyone know if this is done with good reason or is it some artefact of the auto-generated code that can be removed?
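Added example, not part of the original post and not gSOAP's code: a small model of a trailing-canary allocator, to help read the addresses in the log above. It assumes the layout the "Setting canary" lines imply (guard in the last two bytes of the stored size, chain link directly after the block); under that layout the reported `q=0x4edba0` is `0x4edb98 + 8`, the end of the 8-byte block allocated right after `_GatewayAddress` is printed. The names `arena_malloc`, `arena_check` and the guard value are hypothetical.

```c
#include <stdlib.h>
#include <string.h>
#define CANARY 0xC0DEu              /* guard value chosen for this model */
struct arena { char *alist; };      /* link field of the newest block, or NULL */

/* Stored block size: request + 2 guard bytes, rounded up to pointer alignment. */
static size_t rounded(size_t want) {
    size_t n = want + sizeof(unsigned short);
    return n + ((0 - n) & (sizeof(void *) - 1));
}

/* Layout: [user data ... guard(2)] [link to older block]. */
static void *arena_malloc(struct arena *a, size_t want) {
    size_t n = rounded(want);
    unsigned short g = CANARY;
    char *p = malloc(n + sizeof(char *));
    if (!p) return NULL;
    memcpy(p + n - sizeof g, &g, sizeof g);     /* guard = last 2 bytes of block */
    memcpy(p + n, &a->alist, sizeof(char *));   /* chain to the previous block */
    a->alist = p + n;
    return p;
}

/* Walk newest to oldest; return the link address q of the first block whose guard
 * changed (NULL if all intact). A link behind a damaged guard is not followed. */
static char *arena_check(const struct arena *a) {
    char *q = a->alist;
    while (q) {
        unsigned short g; char *next;
        memcpy(&g, q - sizeof g, sizeof g);
        if (g != CANARY) return q;
        memcpy(&next, q, sizeof next); q = next;
    }
    return NULL;
}

/* Constructed scenario: the middle block is overrun by a single byte. */
static int demo(void) {
    struct arena a = { NULL };
    char *first = arena_malloc(&a, 16);
    char *small = arena_malloc(&a, 4);          /* stored as 8: 6 usable + guard */
    char *last  = arena_malloc(&a, 16);
    if (!first || !small || !last) return 0;
    memcpy(small, "192.168", 7);                /* 7th byte lands on the guard */
    int hit = arena_check(&a) == small + rounded(4);  /* q - size = block start */
    free(first); free(small); free(last);
    return hit;
}

int main(void) { return demo() ? 0 : 1; }
```

Subtracting the stored size from the reported `q` gives the start of the damaged block, which can then be matched against the allocation sites in the debug prints.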