SPRTechnote


Domino server PANICs in Cmovmem when passed an invalid address from NCDfield::RestorePos

Technote Number: 1217453


Problem:
This issue was reported to Quality Engineering as SPR# LVAE6G7EP8 and has been
fixed in Domino 7.0.1, Domino 6.5.5 Fix Pack 1 (FP1) and Domino 6.5.6. Refer
to the Upgrade Central site for details on upgrading Notes/Domino.

Excerpt from the Lotus Domino fix list (available at
http://www.ibm.com/developerworks/lotus):
Web Server
SPR# LVAE6G7EP8 - Panic occurs in Cmovmem when passed an invalid address from
NCDfield::RestorePos.

Bad data is not being detected and handled.

Call stacks are as follows:


Crash #1
PROCESSING TCB= 8C1E88 - TCB is active. OMVS TID= 17FB083000000031
CPU TIME = 00000001B45A67A0 secs= 1
DSA@=28328400 EP@=17276200 msgctl
DSA@=283284E0 EP@=17C58358 OS390_dump +35C
DSA@=28328720 EP@=17C662B0 fatal_error +392
DSA@=283289E0 EP@=172DCCB0 __zerro +A10
DSA@=28329520 EP@=172DCA70 __zerros +1E6
DSA@=283295A0 UPTODOWN transition block@=28329DF0
DSA@=2828E8F0 EP@=07D178F8 CEEVROND -7FFFFFA8
********** EXCEPTION DSA ************************
ZMCH BLOCK at address 2828B478 PSW= 078D0400 97D235A6
R0= 00000000 R1= 0AA7C1B5 R2= 2832AB14 R3= 00000002
R4= 28329660 R5= 1AA88F68 R6= 00000001 R7= 17D23A80
R8= 97D2355A R9= 2832AB14 R10= 0AA7C1B5 R11= 00000002
R12= 2828CBD8 R13= 28329FC8 R14= 2832AB14 R15= 1AA48B20
**** warning the next dsa was NOT active *******
**** the module name and offset are ***********
**** for the last called function. ***********
DSA@=2828DD70 EP@=07C1ED08 CEEHDSP +CD4
DSA@=2828DD70 DOWNTOUP transition block@=2828DDF0
DSA@=28329660 EP@=17D23550 Cmovmem +23E9866B
DSA@=283296E0 EP@=1900E878 ODSReadMemory +5A
DSA@=28329760 EP@=24CDF280 NCDiterator::nextrec(char*&,unsigned short&,unsigne
+13A
DSA@=283298E0 EP@=24CE0100 NCDfield::RestorePos(const char*) +14E
DSA@=283299E0 EP@=24E80210 CmdHandlerBase::HandleOpenElementCmd(OpenElementCmd
+780
DSA@=2832AE60 EP@=24B28560 CmdHandlerBase::PrivHandle(Cmd*,Cmd*) +15A
DSA@=2832AF20 EP@=24B1F390 CmdHandler::PrivHandle(Cmd*) +D6
DSA@=2832AFA0 EP@=24B1F5C8 CmdHandler::Handler(Cmd*,void*) +D8
DSA@=2832C940 EP@=24B04018 Cmd::Execute() +84
DSA@=2832C9E0 EP@=24C59298 InotesHTTPProcessRequestImpl(_InotesHTTPrequest*)
+A34
DSA@=2832E700 EP@=24C591C8 InotesHTTPProcessRequest +38
DSA@=2832EFE0 EP@=1B4F3210 HTInotesRequest::ProcessRequest() +D8
DSA@=2832F460 EP@=1B4DFAF0 HTRequestExtContainer::ProcessRequest(HTApplication
DSA@=2832F4E0 EP@=1B528A00 HTRequest::ProcessRequest() +A30
DSA@=2832FF00 EP@=1B53FBC0 HTSession::StartRequest() +430
DSA@=28330A00 EP@=1B573888 HTWorkerThread::CheckForWork() +252
DSA@=28331460 EP@=1B5734D0 HTWorkerThread::ThreadMain() +15E
DSA@=28331560 EP@=1B5636D0 HTThreadBeginProc +6A
DSA@=283315E0 EP@=17BC6890 ThreadWrapper +450
DSA@=28331680 EP@=17CBD450 threadEP +E8
DSA@=28331720 UPTODOWN transition block@=28331F70
DSA@=7E9A3E78 EP@=07D178F8 CEEVROND -7FFFFFA8
DSA@=2828D550 EP@=00010AB0 CEEOPCMM -7FFFF6EA
DSA@=7E9A27D0 EP@=00000000 zero pointer? +449491A
DSA@=7E9A2000 EP@=00010AB0 CEEOPCMM -80010AB0
33 dsa entries formatted. Method=6



Crash #2
############################################################
### FATAL THREAD 26/60 [ nHTTP:08fc:0948]
### FP=0x0bfbc5dc, PC=0x6000174b, SP=0x0bfbc5d0, stksize=12
### EAX=0x0bfbd13c, EBX=0x077d13f2, ECX=0x0bfbd13c, EDX=0x077d13f4
### ESI=0x00000002, EDI=0x077d13f2, CS=0x0000001b, SS=0x00000023
### DS=0x00000023, ES=0x00000023, FS=0x0000003b, GS=0x00000000 Flags=0x00010293
Exception code: c0000005 (ACCESS_VIOLATION)
############################################################
@[ 1] 0x6000174b nnotes._Cmovmem@12+267 (77d13f2,bfbd13c,2,bfbc7dc)
@[ 2] 0x600040ec nnotes._ODSReadMemory@16+60 (bfbc6c4,0,bfbd13c,1)
@[ 3] 0x004999b6 ninotes.NCDiterator::nextrec+166 (bfbc7dc,bfbc7f6,bfbc7e0,0)
@[ 4] 0x00499825 ninotes.NCDiterator::GetNextRec+37
(bfbc7dc,467d133c,bfbc7e0,65fe58)
@[ 5] 0x00499fe5 ninotes.NCDfield::RestorePos+181
(5901cf,428000f4,1578f78,7c59c354)
@[ 6] 0x004f362b ninotes.CmdHandlerBase::HandleOpenElementCmd+1323
(bfbd1e4,0,428000f4,1578f78)
@[ 7] 0x004400d8 ninotes.CmdHandlerBase::PrivHandle+248 (428000f4,0,0,1578f78)
@[ 8] 0x0043e12b ninotes.CmdHandler::PrivHandle+123
(428000f4,0,428000f4,4280a0f4)
@[ 9] 0x0043e24d ninotes.CmdHandler::Handler+221
(428000f4,1578f78,6003e040,bfbe504)
@[10] 0x0043849a ninotes.Cmd::Execute+58 (41bd9bc8,41bd98e4,0,66f404)
@[11] 0x0047f3c3 ninotes._InotesHTTPProcessRequest+1715
(41bd9bd8,41bd9bc8,41bd98e4,0)
@[12] 0x0047ed3f ninotes._InotesHTTPProcessRequest+47 (41bd9bd8,3,41bd9904,4)
@[13] 0x10014074 nhttpstack.HTInotesRequest::ProcessRequest+36
(41bd98e4,41bd9780,0,3)
@[14] 0x100101c1 nhttpstack.HTRequestExtContainer::ProcessRequest+545
(5,453163d0,423e8a4,0)
@[15] 0x1001cf9a nhttpstack.HTRequest::ProcessRequest+1722 (1,159c71e,0,423e8f8)
@[16] 0x10021616 nhttpstack.HTSession::StartRequest+790
(159c72a,159c71e,0,60092751)
@[17] 0x1002aa0d nhttpstack.HTWorkerThread::CheckForWork+285
(3,159c71e,10027ad0,10027afa)
@[18] 0x1002a897 nhttpstack.HTWorkerThread::ThreadMain+87 (159c71e,0,0,0)
@[19] 0x60116094 nnotes._ThreadWrapper@4+212 (0,0,0,0)
[20] 0x7c57b3bc KERNEL32.CreateProcessW+362