IV78401: FPGA - MEMORY OVERWRITE DURING SCRATCH AREA UPDATE
Closed as program error.
Error Message: Implication: Data can be inflated wrong. DEFLATE potential data corruption; ZLIB/GZIP detection of problem via CRC32/ADLER32, circumvention is to use software inflate Likelyhood: We needed 1 year to generate the right use-pattern combined with the right set of data (empty input buffer and filled scratch area) to have this showing up Who needs this: Everybody using our code References: HW329944 zlib decompression fails w/ 100 byte i/o buffer . Stack Trace: N/A . A sequence of two DDCBs causes the problem: 1st DDCB: - 100 Bytes data in - 540bits header (67bytes + 4bits). Plus IN_HDR_IB = 4bits => 68 bytes. That means the tree area (rounded up to mult. of 8 bytes) is 72 bytes. - IN_SCRATCH_LEN=73, therefore the scratch area is 1 Byte. SCRATCH_IB=5. => 3 bits partial Huffman symbol in scratch DDCB1 output: processed 95Bytes + 5bits = 765 bits input. Input tree + scratch = 543 bits => 765-543 = 222 bits from input consumed. That is 27 Bytes + 6 bits from the 100 input bytes. 73 Bytes (actually 72 Bytes + 2 bits) are left over and copied to the scratch area The output buffer is not full, and the input buffer is not fully processed. => The input didn't contain a complete tree + Huffman symbol yet. Hardware can't produce any output from the remaining input bytes. Software must add more input to get new output. In this case, software runs the remaining data again through the HW with no additional input data (DDCB2). As expected, there is no output. However, HW detects a full 562bit (70B+2b) tree in the input data.
Problem is caused While processing the data in the scratch buffer Eberhard identified a memory overwrite situation. This is causing that data is not properly decompressed and can therefore change user-data. For DEFLATE mode the wrong data might pass unnoticed! For GZIP and ZLIB the CRC32/ADLER32 will help to identify the failing inflate.
use memmove to copy overlapping byte ranges correctly. Don't call inflate with an empty input buffer (at least not if the available input couldn't be processed by a previous DDCB and the output buffer was not full). . This APAR will be fixed in the following Java Releases: 8 SR2 (188.8.131.52) 7 SR9 FP20 (184.108.40.206) 7 R1 SR3 FP20 (220.127.116.11) . Contact your IBM Product's Service Team for these Service Refreshes and Fix Packs. For those running stand-alone, information about the available Service Refreshes and Fix Packs can be found at: https://www.ibm.com/developerworks/java/jdk/
Reported component name
JAVA CLASS LIBS
Reported component ID
Last modified date
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fixed component name
JAVA CLASS LIBS
Fixed component ID
Applicable component levels