|
Problem IC91743
|
Status: Closed |
MEMORY OVERWRITE WHEN USING UTL_FILE or DBMS_OUTPUT.ENABLE with buffer size bigger then 32K. |
| product: |
DB2 FOR LUW / DB2FORLUW / A10 - DB2 |
| Problem description: |
Memory overwrite can happen if
1) application is using DBMS_OUTPUT.ENABLE with buffer size
bigger then 32K and data is written into the buffer which has no
null terminators for longer then 32K bytes.
2) application is using UTL_FILE.FCLOSE.
The crash will have a message similar to the following in the
db2diag.log:
2012-08-30-00.17.48.856591-240 E3800797A1291 LEVEL: Severe
PID : 22216748 TID : 30431 PROC : db2sysc
0
INSTANCE: dbinst1 NODE : 000 DB : SAMPLE
APPHDL : 0-34250 APPID: *LOCAL.DB2.120830052553
AUTHID : DB2INST1
EDUID : 30431 EDUNAME: db2agent (SAMPLE) 0
FUNCTION: DB2 UDB, SQO Memory Management,
sqloDiagnoseFreeBlockFailure,
probe:999
MESSAGE : Memory validation failure, diagnostic file dumped.
DATA #1 : String, 28 bytes
Corrupt pool free tree node.
DATA #2 : File name, 34 bytes
22216748.30431.mem_diagnostics.txt
CALLSTCK:
[0] 0x09000000136BC624 pdLog + 0xD0
[1] 0x0900000012A1B5E0
diagnoseMemoryCorruptionAndCrash__13SQLO_MEM_POOLFUlCPCc + 0x280
[2] 0x0900000012A1B288
diagnoseMemoryCorruptionAndCrash__13SQLO_MEM_POOLFUlCPCc@glue7DC
+ 0x78
[3] 0x090000001354F3E0
.MemTreePut.fdpr.clone.499__13SQLO_MEM_POOLFP8SMemNodeUlP17SqloC
hunkSubgroup + 0xC
[4] 0x09000000135563E8 sqlofmblkEx + 0x278
[5] 0x0900000015682AF4 sqlerTrustedRtnCallbackFmblk__FUiPPv
+0x110
[6] 0x090000001566F690 sqlerTrustedRtnCallbackRouter__FUiPPv
+0xC4
[7] 0x090000001B1952C8 freeMemory__FPv + 0x48
[8] 0x090000001B195414 poolFree__FPv@AF16_10 + 0x14
[9] 0x090000001B1965EC removeEntry__10hashBucketFPCvUl + 0x8C
In the trap file produced, you will see the following:
-------Frame------ ------Function + Offset------
0x09000000132DED34 sqloCrashOnCriticalMemoryValidationFailure
+0x30
0x0900000012A1B5E8
diagnoseMemoryCorruptionAndCrash__13SQLO_MEM_POOLFUlCPCc + 0x288
0x0900000012A1B288
diagnoseMemoryCorruptionAndCrash__13SQLO_MEM_POOLFUlCPCc@glue7DC
+ 0x78
0x090000001354F3E0
.MemTreePut.fdpr.clone.499__13SQLO_MEM_POOLFP8SMemNodeUlP17SqloC
hunkSubgroup + 0xC
0x09000000135563E8 sqlofmblkEx + 0x278
0x0900000015682AF4 sqlerTrustedRtnCallbackFmblk__FUiPPv + 0x110
0x090000001566F690 sqlerTrustedRtnCallbackRouter__FUiPPv + 0xC4
0x090000001B1952C8 freeMemory__FPv + 0x48
0x090000001B195414 poolFree__FPv@AF16_10 + 0x14
0x090000001B1965EC removeEntry__10hashBucketFPCvUl + 0x8C
0x090000001B196460 remove__9hashTableFPCvUl + 0x20
0x090000001B1B1604 sqleml_removeFile__FP18sqleml_sessionDatai
+0x44
0x090000001B1B1538 sqleml_utl_file_fclose + 0x1B8
0x09000000136AF41C sqloInvokeFnArgs + 0xD0
0x0900000013F38964
sqlriInvokerTrusted__FP10sqlri_ufobP21sqlriRoutineErrorIntf +0xC
0x09000000136ACE1C sqlriInvokeInvoker__FP10sqlri_ufobb + 0xB78
0x090000001372A474 sqlricall__FP8sqlrr_cb + 0x188 |
| Problem Summary: |
****************************************************************
* USERS AFFECTED: *
* Users of UTL_FILE or DBMS_OUTPUT.ENABLE *
****************************************************************
* PROBLEM DESCRIPTION: *
* Memory overwrite can happen if *
* 1) application is using DBMS_OUTPUT.ENABLE with buffer size *
* bigger then 32K and data is written into the buffer which *
* has no *
* null terminators for longer then 32K bytes. *
* *
* 2) application is using UTL_FILE.FCLOSE. *
* *
* The crash will have a message similar to the following in *
* the *
* db2diag.log: *
* 2012-08-30-00.17.48.856591-240 E3800797A1291 LEVEL: *
* Severe *
* PID : 22216748 TID : 30431 PROC : *
* db2sysc *
* 0 *
* INSTANCE: dbinst1 NODE : 000 DB : *
* SAMPLE *
* APPHDL : 0-34250 APPID: *
* *LOCAL.DB2.120830052553 *
* AUTHID : DB2INST1 *
* EDUID : 30431 EDUNAME: db2agent (SAMPLE) 0 *
* FUNCTION: DB2 UDB, SQO Memory Management, *
* sqloDiagnoseFreeBlockFailure, *
* probe:999 *
* MESSAGE : Memory validation failure, diagnostic file dumped. *
* DATA #1 : String, 28 bytes *
* Corrupt pool free tree node. *
* DATA #2 : File name, 34 bytes *
* 22216748.30431.mem_diagnostics.txt *
* *
* CALLSTCK: *
* [0] 0x09000000136BC624 pdLog + 0xD0 *
* [1] 0x0900000012A1B5E0 *
* diagnoseMemoryCorruptionAndCrash__13SQLO_MEM_POOLFUlCPCc + *
* 0x280 *
* [2] 0x0900000012A1B288 *
* diagnoseMemoryCorruptionAndCrash__13SQLO_MEM_POOLFUlCPCc@glu *
* e7DC *
* + 0x78 *
* [3] 0x090000001354F3E0 *
* .MemTreePut.fdpr.clone.499__13SQLO_MEM_POOLFP8SMemNodeUlP17S *
* qloC *
* hunkSubgroup + 0xC *
* [4] 0x09000000135563E8 sqlofmblkEx + 0x278 *
* [5] 0x0900000015682AF4 *
* sqlerTrustedRtnCallbackFmblk__FUiPPv *
* +0x110 *
* [6] 0x090000001566F690 *
* sqlerTrustedRtnCallbackRouter__FUiPPv *
* +0xC4 *
* [7] 0x090000001B1952C8 freeMemory__FPv + 0x48 *
* [8] 0x090000001B195414 poolFree__FPv@AF16_10 + 0x14 *
* [9] 0x090000001B1965EC removeEntry__10hashBucketFPCvUl + *
* 0x8C *
* *
* In the trap file produced, you will see the following: *
* -------Frame------ ------Function + Offset------ *
* 0x09000000132DED34 *
* sqloCrashOnCriticalMemoryValidationFailure *
* +0x30 *
* 0x0900000012A1B5E8 *
* diagnoseMemoryCorruptionAndCrash__13SQLO_MEM_POOLFUlCPCc + *
* 0x288 *
* 0x0900000012A1B288 *
* diagnoseMemoryCorruptionAndCrash__13SQLO_MEM_POOLFUlCPCc@glu *
* e7DC *
* + 0x78 *
* 0x090000001354F3E0 *
* .MemTreePut.fdpr.clone.499__13SQLO_MEM_POOLFP8SMemNodeUlP17S *
* qloC *
* hunkSubgroup + 0xC *
* 0x09000000135563E8 sqlofmblkEx + 0x278 *
* 0x0900000015682AF4 sqlerTrustedRtnCallbackFmblk__FUiPPv + *
* 0x110 *
* 0x090000001566F690 sqlerTrustedRtnCallbackRouter__FUiPPv + *
* 0xC4 *
* 0x090000001B1952C8 freeMemory__FPv + 0x48 *
* 0x090000001B195414 poolFree__FPv@AF16_10 + 0x14 *
* 0x090000001B1965EC removeEntry__10hashBucketFPCvUl + 0x8C *
* 0x090000001B196460 remove__9hashTableFPCvUl + 0x20 *
* 0x090000001B1B1604 *
* sqleml_removeFile__FP18sqleml_sessionDatai *
* +0x44 *
* 0x090000001B1B1538 sqleml_utl_file_fclose + 0x1B8 *
* 0x09000000136AF41C sqloInvokeFnArgs + 0xD0 *
* 0x0900000013F38964 *
* sqlriInvokerTrusted__FP10sqlri_ufobP21sqlriRoutineErrorIntf *
* +0xC *
* 0x09000000136ACE1C sqlriInvokeInvoker__FP10sqlri_ufobb + *
* 0xB78 *
* 0x090000001372A474 sqlricall__FP8sqlrr_cb + 0x188 *
****************************************************************
* RECOMMENDATION: *
* Upgrade to DB2 v10.1 FP3 or newer. *
**************************************************************** |
| Local Fix: |
|
| available fix packs: |
DB2 Version 10.1 Fix Pack 3 for Linux, UNIX, and Windows
DB2 Version 10.1 Fix Pack 4 for Linux, UNIX, and Windows
DB2 Version 10.1 Fix Pack 3a for Linux, UNIX, and Windows
DB2 Version 10.1 Fix Pack 6 for Linux, UNIX, and Windows
|
| Solution |
Fixed in DB2 v10.1 FP3 or newer. |
| Workaround |
not known / see Local fix |
| Timestamps |
Date - problem reported :
Date - problem closed :
Date - last modified :
| 22.04.2013
21.10.2013
21.10.2013 |
| Problem solved at the following versions (IBM BugInfos) |
|
| Problem solved according to the fixlist(s) of the following version(s) |
| 10.1.0.3
|
 |
| 10.1.0.3
|
|
