02-26-2013 01:31 PM
We are on OpenVMS 7.1 and an RDB - RALLY legacy application is crashing with the following access violation message. Is there a way I can debug and see what's going on?
%SYSTEM-F-ACCVIO, access violation, reason mask=00, virtual address=61657243202D2074, PC=61657243202D2074, PS=0000001B
Improperly handled condition, image exit forced.
Signal arguments: Number = 0000000000000005
Name = 000000000000000C
R0 = 000000007AD9B508 R1 = 000000007FF08A60 R2 = 2046414D20646574
R3 = 0000000000020208 R4 = 0000000000000009 R5 = 000000007AD9B850
R6 = 0000000000080BF1 R7 = 000000007FFAC9E0 R8 = 000000007FFAC1F8
R9 = 000000007FFAC400 R10 = 000000007FFAD230 R11 = 000000007FFCE3E0
R12 = 0000000000000000 R13 = FFFFFFFF81120C10 R14 = 0000000000000000
R15 = 000000007AE7DC20 R16 = 00000F0630000003 R17 = 0000000000000000
R18 = 0000000000000000 R19 = 0000000000000000 R20 = 0000000000000000
R21 = 1800000000000B03 R22 = 0000000000000000 R23 = 000000007FF08A60
R24 = FFFFFFFF8100C100 R25 = 0000000000000000 R26 = 61657243202D2074
R27 = 000000000000000C R28 = 0000000000000000 R29 = 2031363139343523
SP = 000000007AD9B5C0 PC = 61657243202D2074 PS = 000000000000001B
HOST_OTO job terminated at 26-FEB-2013 11:28:07.00
02-26-2013 01:57 PM
It is a read access violation (the 00 in the reason mask).
It is curious that the virtual address and the PC are the same, and both look more like an ASCII string than an address that would be expected. If it is a string it is (ignoring the enclosing double quote marks):
"15: - t"
Does that look familiar in any way? I wouldn't expect the instruction stream to be jumping to data under normal circumstances from Rally/Rdb, but superficially it appears that way.
02-26-2013 02:36 PM
>>> It is curious that the virtual address and the PC are the same and both look more like an ASCII string than an address that would be expected ...
That's a typical pattern when a string overwrites the return address on the stack. Easy to produce, like in
02-27-2013 12:11 PM
Sure looks like a clobbered call frame to me. I agree with Hartmut, almost certainly a string overflow. Translating the PC and VA into text, I get:
DBG> set radix hex
DBG> dep r0 = 61657243202D2074
DBG> ex/ascii:8 r0
0\%R0: 't - Crea'
Other information from the register dump which may help localise the problem:
R2 contains 'ted MAF ' and R29 '#549161 '. I'd guess they are all parts of the same string, so you're looking for:
t - Created MAF #549161
Get yourself a process dump to get more address space to snoop around in.
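The same translation John does at the DBG> prompt can be done offline over the quoted register dump. The following is an added example, not code from any poster or from the Rally/Rdb product: it parses the dump text exactly as it appears in the first post, decodes each 64-bit register little-endian (the byte order DBG> ex/ascii uses on Alpha), flags registers whose eight bytes are all printable ASCII, and joins the flagged fragments. The "all printable" heuristic and the fragment ordering PC, R2, R29 are assumptions made here; they reproduce John's reading of the dump.

```python
import re
import string

# Constructed sample: the register dump quoted in the first post of the thread.
SAMPLE_DUMP = """\
%SYSTEM-F-ACCVIO, access violation, reason mask=00, virtual address=61657243202D2074, PC=61657243202D2074, PS=0000001B
R0 = 000000007AD9B508 R1 = 000000007FF08A60 R2 = 2046414D20646574
R3 = 0000000000020208 R4 = 0000000000000009 R5 = 000000007AD9B850
R6 = 0000000000080BF1 R7 = 000000007FFAC9E0 R8 = 000000007FFAC1F8
R9 = 000000007FFAC400 R10 = 000000007FFAD230 R11 = 000000007FFCE3E0
R12 = 0000000000000000 R13 = FFFFFFFF81120C10 R14 = 0000000000000000
R15 = 000000007AE7DC20 R16 = 00000F0630000003 R17 = 0000000000000000
R18 = 0000000000000000 R19 = 0000000000000000 R20 = 0000000000000000
R21 = 1800000000000B03 R22 = 0000000000000000 R23 = 000000007FF08A60
R24 = FFFFFFFF8100C100 R25 = 0000000000000000 R26 = 61657243202D2074
R27 = 000000000000000C R28 = 0000000000000000 R29 = 2031363139343523
SP = 000000007AD9B5C0 PC = 61657243202D2074 PS = 000000000000001B
"""

# Printable ASCII without control/whitespace characters other than a plain space.
PRINTABLE = set(string.printable) - set("\t\n\r\x0b\x0c")

# Matches "R2 = 2046414D20646574" as well as "PC=61657243202D2074".
REG_RE = re.compile(r"\b(R\d+|SP|PC|PS)\s*=\s*([0-9A-Fa-f]{16})\b")


def qword_to_ascii(value: int) -> str:
    """Decode a 64-bit register value as 8 little-endian bytes (what DBG> ex/ascii:8 shows)."""
    return value.to_bytes(8, "little").decode("latin-1")


def looks_like_text(value: int) -> bool:
    """Assumed heuristic: all 8 bytes printable ASCII means the 'address' is probably string data."""
    return all(ch in PRINTABLE for ch in qword_to_ascii(value))


def parse_registers(dump: str) -> dict:
    """Return {register name: integer value} for every 16-hex-digit register in the dump."""
    return {name: int(hexval, 16) for name, hexval in REG_RE.findall(dump)}


def text_fragments(dump: str) -> dict:
    """Return {register name: decoded text} for registers that decode to printable ASCII."""
    return {name: qword_to_ascii(v) for name, v in parse_registers(dump).items()
            if looks_like_text(v)}


def join_fragments(fragments: dict, order) -> str:
    """Concatenate fragments in the given (assumed) register order, dropping trailing padding."""
    return "".join(fragments[name] for name in order).rstrip()


if __name__ == "__main__":
    frags = text_fragments(SAMPLE_DUMP)
    for name, text in frags.items():
        print(f"{name:>4}: {text!r}")
    print("reconstructed:", join_fragments(frags, ("PC", "R2", "R29")))
```

On this dump the flagged registers are R2, R26, R29 and PC. R26 is the Alpha return-address register, so a PC equal to R26 and equal to an eight-character run of text is the signature of a return address that has been overwritten by string data, which is what the clobbered-call-frame diagnosis above describes; the same check applied to the other registers (R0, R1, SP and so on) correctly leaves them as addresses.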
02-28-2013 05:36 AM
Thanks Hartmut and John!
The original poster is Sami. I'm afraid I don't know enough about Rally to even speculate as to how that could happen.
I agree with your analysis of a clobbered call frame, probably due to some sort of overflow - I don't see such things often as I pretty much stick to standard Fortran with fixed length, descriptor-passed strings and use bounds checking on arrays :-)