IBM Support

IC89462: UNDETECTED BLOCK HEADER CORRUPTION CAN BE MASKED IN SOME CONDITI ONS WHEN MERGING ADJACENT FREE BLOCKS LEADING TO SEGV IN MT_FREE

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • When a session goes to free memory, in mt_free it checks to see
if the block getting freed can be merged with either it's next
or previous neighbor.  In the case where a block can't get
merged with it's next neighbor, but can merge with it's previous
neighbor, it is not correctly checking to see if it's next
neighbor block header is already corrupted or not, so then when
it performs the merge, it is incorrectly resetting the checkword
of the next block which masks the corruption.  So then it's
possible when/if the engine free's that next block address, it
could segv/bus because the block header check it does to see if
the header is intact fails to detect the corruption due to the
fact the checkword was reset during the merge so that the
corruption now looks like it's what the block header should look
like.  Here's a sample stack trace of the segv crash in mt_free
that was the result of the merge resetting the checkword and
making the check for corruption in the block header ineffective:

 afstack
 mt_ex_throw_sig
 afsig_handler
 <signal frame>
 mt_free
 meFree
 frSqlEnv
 cmDiscon
 ascAbort
 asfExit
 ASF_Call
 sqscb_cleanup
 destroy_session
 sq_exit
 sqmain
 spawn_thread
 startup

Any stack with mt_free at the top would likely be possible, but
upon examination of the block header for the pointer trying to
be freed you would see the following:

some portion of the block header would actually be corrupted
the checkword for the block would be set such that it does not
detect any corruption
depending on when it was discovered, it would also be likely
that the block previous to the corrupted block would be marked
as a free block (or possibly drained).

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED:                                              *
* Any IDS user could in theory be affected                     *
****************************************************************
* PROBLEM DESCRIPTION:                                         *
* See Error Description                                        *
****************************************************************
* RECOMMENDATION:                                              *
* Update to IDS-11.50.xC10                                     *
****************************************************************

    



Problem conclusion


    

  • Problem Fixed In IDS-11.50.xC10. A memory check has been added
to catch and repair this problem before it causes a crash.

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IC89462
    • 

  • Reported component name
    IBM IDS ENTRP E
    • 

  • Reported component ID
    5724L2304
    • 

  • Reported release
    B15
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2013-01-10
    • 

  • Closed date
    2014-11-07
    • 

  • Last modified date
    2014-11-07
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    IBM IDS ENTRP E
    • 

  • Fixed component ID
    5724L2304
    • 



Applicable component levels


    

  • RB15  PSN
       UP
    • 

  • RB15  PSY
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSGU8G","label":"Informix Servers"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"B15","Edition":"","Line of Business":{"code":"LOB10","label":"Data and AI"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            07 November 2014
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback