Preventive Service Planning
Abstract
With APAR PJ47075, the calloc C function initializes only the requested amount of storage to zero. Before PJ47075, the calloc function might initialize bytes beyond the requested storage size to zero. If an application relies on bytes beyond the requested amount of storage to be cleared, a bug exists in the application that might result in incorrect application processing, a system error, or both.
Content
In calloc function and CALOC macro processing, an 8-byte trailer that is intended to identify corruption is inserted after the buffer. The 8-byte corruption trailer is started on the first doubleword boundary after the end of the buffer. Before APAR PJ47075, the calloc function called the CALOC SVC routine, which cleared the requested amount of storage and the bytes between the end of the buffer and the start of the 8-byte corruption trailer. With APAR PJ47075, the calloc function allocates and initializes the ECB heap buffer itself instead of calling the CALOC SVC routine in most cases. In the updated calloc routine, the bytes between the requested storage size and the 8-byte corruption trailer are not cleared.
Before APAR PJ47075, if an application called the calloc function and relied on a few bytes beyond the requested size to be zero, the application might not encounter any issues. With APAR PJ47075, the same application might take the wrong processing path, or encounter issues such as system errors 000003 or 000075, or both, because the extra bytes are not initialized to zero. It is considered an application bug if an application uses more bytes than it requested on the calloc function call.
For example, assume an application calls the calloc C function to request a buffer that is 5 bytes. The calloc function allocates the buffer and initializes 5 bytes to zero. An 8-byte corruption trailer is inserted at byte 8, which is the first doubleword that follows the end of the buffer. With PJ47075, the 3 bytes between the end of the buffer and the start of the 8-byte corruption trailer are not set to zero and they can be any value. If the application uses any bytes beyond the 5 that were requested, it is considered an application bug.
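The 5-byte case above can be modelled in portable C to show how such a bug stays hidden before PJ47075 and surfaces afterward. This is an added example, not IBM or z/TPF code. The function names, the 16-byte model block, the 0xAA stale-storage fill, the 0xEE trailer pattern, and the "TPF01" string are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define DWORD       8u   /* doubleword size */
#define TRAILER_LEN 8u   /* corruption trailer size, from the text above */
#define BLOCK_LEN   16u  /* model block: up to 8 data/padding bytes + trailer */

/* Model of one heap block (requested must be 1..8 in this model). 0xAA (stale
 * storage) and 0xEE (trailer) are constructed values, not real z/TPF patterns. */
static void model_calloc(unsigned char *blk, size_t requested, int clear_padding)
{
    size_t trailer_off = (requested + DWORD - 1) & ~(size_t)(DWORD - 1);

    memset(blk, 0xAA, BLOCK_LEN);                  /* leftover contents */
    /* clear_padding=1: before PJ47075 (zero up to the trailer);
     * clear_padding=0: with PJ47075 (zero only the requested bytes). */
    memset(blk, 0, clear_padding ? trailer_off : requested);
    memset(blk + trailer_off, 0xEE, TRAILER_LEN);  /* trailer stand-in */
}

/* Store a 5-character ID in a buffer of `requested` bytes, then scan for the
 * terminating NUL as strlen() would. The scan is bounded to the model block
 * so the demonstration itself stays within defined behaviour. */
static size_t id_length(size_t requested, int clear_padding)
{
    unsigned char blk[BLOCK_LEN];
    const unsigned char *nul;

    model_calloc(blk, requested, clear_padding);
    memcpy(blk, "TPF01", 5);
    nul = memchr(blk, 0, BLOCK_LEN);
    return nul ? (size_t)(nul - blk) : BLOCK_LEN;  /* BLOCK_LEN: no NUL found */
}

int main(void)
{
    /* Buggy request: 5 bytes for a 5-character string, no room for the NUL. */
    printf("5 bytes, before PJ47075: %zu\n", id_length(5, 1));
    printf("5 bytes, with PJ47075:   %zu\n", id_length(5, 0));
    /* Corrected request: 5 characters plus the terminator. */
    printf("6 bytes, with PJ47075:   %zu\n", id_length(6, 0));
    return 0;
}
```

In the buggy 5-byte case the scan only stops at the requested length when the padding happens to be zero; requesting room for the terminator makes the result independent of the padding contents.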
To temporarily revert to the previous behavior of the calloc function while those application bugs are being resolved, take one of the following actions:
- At line 140 in segment /base/rt/ccaloc.asm, change the first conditional jump to the label CALLOC_SVC to a J instruction so that the CALOC SVC routine is always called.
- For an online system, enter the ZAPGM command on the z/TPF console to apply this patch in the object ccaloc.o of the program CTIS. For example, enter ZAPGM CTIS.ccaloc 88 A7F4 VALDATA-A714 if the current ccaloc.o listing has the following code snippet:
  00000084 9140 7150 00000150 8488 TM CE2DBINIT(R7),CE2DBINIT_UD @PJ47075
  00000088 A714 0212 000004AC 8489 JO CALLOC_SVC yes, go issue SVC @PJ47075
Document Information
Modified date:
11 June 2024
UID
ibm17156627