KnowledgeBase Archive

An Archive of Early Microsoft KnowledgeBase Articles

View on GitHub

Q192053: XADM: Information Store Access Violates When Freeing Memory

Article: Q192053
Product(s): Microsoft Exchange
Version(s): winnt:5.0,5.5
Operating System(s): 
Keyword(s): exc55sp2fix exc5 exc55
Last Modified: 23-FEB-2000

-------------------------------------------------------------------------------
The information in this article applies to:

- Microsoft Exchange Server, versions 5.0, 5.5 
-------------------------------------------------------------------------------


SYMPTOMS
========

During normal operation the Microsoft Exchange Information Store may terminate
unexpectedly with an access violation. If the correct Windows NT and Exchange
Server symbols are installed the resulting Dr. Watson log may have a stack dump
similar to the following:

  function: RtlEnterCriticalSection
  77f67410 648b0d18000000   move   cx,fs:[00000018]
   fs:00000018=????????
  77f67417 8b542404         mov    edx,[esp+0x4]
   ss:35cfdd07=????????
  FAULT:
  77f6741b 837a1400         cmp    dword ptr [edx+0x14],0x0
   ds:21531e85=????????
  77f6741f 754f             jnz    RtlEnterCriticalSection+0x60
   (77f67470)
  77f67421 f0ff4204         lock   inc dword ptr [edx+0x4]
   ds:21531e86=????????
  77f67425 7519             jnz    RtlEnterCriticalSection+0x30
   (77f67440)
  77f67427 8b4124           mov    eax,[ecx+0x24]
   ds:80e7ca06=????????
  77f6742a 89420c           mov    [edx+0xc],eax
   ds:21531e85=????????
  77f6742d c7420801000000   mov    dword ptr [edx+0x8],0x1
   ds:21531e85=????????
  77f67434 33c0             xor    eax,eax
  77f67436 c20400           ret    0x4
  77f67439 2e8bc0           mov    eax,cs:eax
  77f6743c 2e8bc0           mov    eax,cs:eax
  77f6743f 90               nop

*----> Stack Back Trace <----*

  FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name
  34ddf2fc 10002bb3 2061347f ffffffff 000002c1 00403648
   ntdll!RtlEnterCriticalSection
  34ddf38c 100016ae 20613437 00000000 34ddf410 34ddf3e8
   exchmem!_NULL_IMPORT_DESCRIPTOR
  34ddf3a0 00403b04 34ddf414 34ddf634 2c0f0c9c 00000000
   exchmem!MpHeapValidate
  34ddf3b8 005b5d33 34ddf540 2c0f0c9c 020e0e7c 00000002 store!FreePrv
  34ddf42c 005b7538 00000002 34ddf62c 34ddf470 34ddf46c
   store!EcGetCategPrv
  34ddf4ec 005b7ef2 2d790ff8 00000000 00000000 00000002
   store!EcBuildHeaderList
  34ddf5b4 005b88a8 2c0f0c9c 2d790ff8 00000000 00000000
   store!EcModifyMidFromCateg
  34ddf69c 004c7c45 2cfe0c9c 020e0e74 00000000 020e0e7c
   store!EcCategorizeMessage
  34ddf6d8 0040d89c 020e0e74 020e0e7c 00000000 2ddd0fc8
   store!EcProcessCategMessageEvent_1128ool_7571e
  34ddf6fc 0044cf9f 020e0e74 020e0e7c 00000000 2ddd0fc8
   store!EcSearchMessageEvent
  34ddf79c 0044c599 00000000 00000000 34ddf7d0 00000000
   store!RTFHTML::ScPopRTFToken
  34ddf80c 0056a3ce 00000000 00000061 00000000 00000000
   store!OMSG::EcSaveChanges
  34ddf878 005a2b0f 0f0e0f54 020e0e3c 07750e3c 00000001
   store!EcResolveMsgConflict
  34ddf924 005a2e79 34ddf944 07750e75 00004000 07750e3c
   store!OMSG::EcICSConflictCheck
  34ddf94c 004e6687 34ddf97c 34ddf978 00000000 00000021
   store!OMSG::EcUpdateICSProps
  34ddf9b0 0045b747 00000004 00000061 00000000 00000000
   store!OMSG::EcSaveChanges_9910gs_22p_14862091e
  34ddf9dc 0045b634 00000000 00000000 00000021 34ddfa1c
   store!EcSaveChangesMessageOp
  34ddfa20 004044ce 00000021 00000000 00000006 0021970a
   store!EcSaveChanges
  00000006 00000000 00000000 00000000 00000000 00000000 store!EcRpc
   [omap]


CAUSE
=====

A message saved into a public folder replica does not contain a value for a
specific property tag. When a user opens the message, modifies it, and tries to
save it in the public folder, the call to get the value of this property tag
fails so that no memory is allocated. However, the information store erroneously
tries to free this block of memory, resulting in the access violation and
termination of the Store.exe process.


RESOLUTION
==========

To resolve this problem, obtain the latest service pack for Exchange Server 5.5.
For additional information, please see the following article in the Microsoft
Knowledge Base:

  Q191014 XGEN: How to Obtain the Latest Exchange Server 5.5 Service Pack



STATUS
======

Microsoft has confirmed this to be a problem in Microsoft Exchange Server
versions 5.0 and 5.5.


A supported fix is now available, but has not been fully regression-tested and
should be applied only to systems experiencing this specific problem. Unless you
are severely impacted by this specific problem, Microsoft recommends that you
wait for the next service pack that contains this fix. Contact Microsoft
Technical Support for more information.




Additional query words: crash hang GPF

======================================================================
Keywords          : exc55sp2fix exc5 exc55 
Technology        : kbExchangeSearch kbExchange500 kbExchange550 kbZNotKeyword2
Version           : winnt:5.0,5.5
Issue type        : kbbug
Solution Type     : kbfix

=============================================================================

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

Copyright Microsoft Corporation 1986-2002.