IBM Support

IV78401: FPGA - MEMORY OVERWRITE DURING SCRATCH AREA UPDATE

APAR status

  • Closed as program error.

Error description

  • Error Message: Implication: Data can be inflated incorrectly.
    DEFLATE: potential data corruption. ZLIB/GZIP: the problem is
    detected via CRC32/ADLER32. The circumvention is to use software
    inflate.
        Likelihood: We needed 1 year to generate the right
    use pattern combined with the right set of data (empty input
    buffer and filled scratch area) for this to show up.
        Who needs this: Everybody using our code
        References: HW329944 zlib decompression fails w/ 100 byte
    i/o buffer
    .
    Stack Trace: N/A
    .
    A sequence of two DDCBs causes the problem:
    1st DDCB:
    - 100 Bytes data in
    - 540 bits header (67 bytes + 4 bits). Plus IN_HDR_IB = 4 bits =>
    68 bytes. That means the tree area (rounded up to a multiple of 8
    bytes) is 72 bytes.
    - IN_SCRATCH_LEN=73, therefore the scratch area is 1 byte.
    SCRATCH_IB=5.
    => 3 bits partial Huffman symbol in scratch
    DDCB1 output: processed 95 bytes + 5 bits = 765 bits input.
    Input tree + scratch = 543 bits
    => 765-543 = 222 bits from input consumed. That is 27 bytes + 6
    bits from the 100 input bytes.
    73 bytes (actually 72 bytes + 2 bits) are left over and copied
    to the scratch area.
    The output buffer is not full, and the input buffer is not fully
    processed.
    => The input didn't contain a complete tree + Huffman symbol
    yet. Hardware can't produce any output from the remaining input
    bytes. Software must add more input to get new output.
    In this case, software runs the remaining data again through the
    HW with no additional input data (DDCB2). As expected, there is
    no output. However, HW detects a full 562-bit (70 bytes + 2 bits)
    tree in the input data.
    

Local fix

Problem summary

  • While processing the data in the scratch buffer, Eberhard
    identified a memory overwrite situation. As a result, data is
    not properly decompressed, which can change user data. For
    DEFLATE mode the wrong data might pass unnoticed! For GZIP and
    ZLIB the CRC32/ADLER32 will help to identify the failing
    inflate.
    

Problem conclusion

  • Use memmove to copy overlapping byte ranges correctly.
    Don't call inflate with an empty input buffer (at least not if
    the available input couldn't be processed by a previous DDCB and
    the output buffer was not full).
    .
    This APAR will be fixed in the following Java Releases:
       8    SR2       (8.0.2.0)
       7    SR9 FP20  (7.0.9.20)
       7 R1 SR3 FP20  (7.1.3.20)
    .
    Contact your IBM Product's Service Team for these Service
    Refreshes and Fix Packs.
    For those running stand-alone, information about the available
    Service Refreshes and Fix Packs can be found at:
               https://www.ibm.com/developerworks/java/jdk/
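
The memmove fix named under Problem conclusion, shown as an added example (not IBM's code): leftover bytes are shifted inside one buffer so that source and destination overlap, once with a forward byte copy and once with memmove. The buffer layout, the 8-byte shift, the sample data and all function names are assumptions made for illustration; only the 73-byte leftover length comes from the description above.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical layout (assumption): one buffer holds the tree area followed
 * by the scratch area, and leftover input is shifted inside it between DDCBs. */
#define BUF_LEN 160

/* Forward byte-by-byte copy, which is what a simple memcpy() may do; memcpy()
 * on overlapping ranges is undefined behaviour. When dst > src and the ranges
 * overlap, this loop re-reads bytes it has already overwritten. */
static void copy_forward(uint8_t *dst, const uint8_t *src, size_t n)
{
    for (size_t i = 0; i < n; i++)
        dst[i] = src[i];
}

/* Fill a buffer with constructed data, shift n bytes from src_off to dst_off,
 * and return how many destination bytes differ from the original source. */
static size_t shift_and_count_damage(int use_memmove, size_t src_off,
                                     size_t dst_off, size_t n)
{
    uint8_t buf[BUF_LEN], want[BUF_LEN];
    size_t bad = 0;

    if (n > BUF_LEN || src_off > BUF_LEN - n || dst_off > BUF_LEN - n)
        return (size_t)-1;              /* refuse out-of-bounds requests */
    for (size_t i = 0; i < BUF_LEN; i++)
        buf[i] = (uint8_t)(i * 7 + 3);  /* constructed sample data */
    memcpy(want, buf + src_off, n);     /* separate arrays: no overlap here */

    if (use_memmove)
        memmove(buf + dst_off, buf + src_off, n);
    else
        copy_forward(buf + dst_off, buf + src_off, n);

    for (size_t i = 0; i < n; i++)
        bad += (buf[dst_off + i] != want[i]);
    return bad;
}

int main(void)
{
    /* 73 leftover bytes moved 8 bytes up in the same buffer: ranges overlap. */
    size_t naive = shift_and_count_damage(0, 0, 8, 73);
    size_t fixed = shift_and_count_damage(1, 0, 8, 73);
    return (naive > 0 && fixed == 0) ? 0 : 1;
}
```

With the forward copy every byte past the first 8 arrives wrong, while the same shift in the other direction is undamaged, which is why this kind of defect only appears for particular buffer states.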
    

Temporary fix

Comments

APAR Information

  • APAR number

    IV78401

  • Reported component name

    JAVA CLASS LIBS

  • Reported component ID

    620700130

  • Reported release

    800

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2015-10-27

  • Closed date

    2015-10-27

  • Last modified date

    2015-10-27

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    JAVA CLASS LIBS

  • Fixed component ID

    620700130

Applicable component levels

  • R800 PSY

       UP

  • R700 PSY

       UP



Document information

More support for: Runtimes for Java Technology
Java Class Libraries

Software version: 800

Reference #: IV78401

Modified date: 27 October 2015