Microsoft KB Archive/812391

= XADM: Information Store Crashes When It Processes NULL in pbData. =

Article ID: 812391

Article Last Modified on 2/21/2007


APPLIES TO


 * Microsoft Exchange 2000 Server Standard Edition






KMS Template Article: CPR - Exchange 2000 - Hotfix in SP4



SYMPTOMS
The information store service (Store.exe) may crash unexpectedly and display an access violation error message. If the correct Microsoft Windows 2000 and Exchange 2000 debug symbols are installed, then the resulting Dr. Watson log may display a stack dump similar to the following:

 ChildEBP RetAddr  Args to Child
 6b6ef764 005ed033 00000000 0000003b 083c4438 store!IDSET::EcLoadBinary+0x3e
 6b6ef784 005b7e25 00007fbc 6b6ef7ec 0000115b store!INCRCTX::EcUpldStStrmEnd+0x54
 6b6ef7a0 004ff729 00000006 0c9a7038 6b6ef8d8 store!EcUpldStStrmEndOp+0x5a
 6b6ef7b0 00501cd3 00000003 0000115b 6b6ef8f4 store!EcUpldStStrmEnd+0x2c
 6b6ef8d8 004399bc 6b6ef900 00007fff 6b6ef8f4 store!EcRpc+0x1c45
 6b6ef8f0 77d447d8 6b416bd0 144f9b30 000001fe store!EcDoRpc+0x60
 6b6ef914 77da2586 00439977 6b6efab8 00000004 RPCRT4!Invoke+0x30
 6b6efd10 77da31d1 00000000 00000000 6b6efdfc RPCRT4!NdrStubCall2+0x63d
 6b6efd2c 77d44cee 6b6efdfc 2871b148 6b6efdfc RPCRT4!NdrServerCall2+0x17
 6b6efd64 77d44bfb 00439967 6b6efdfc 6b6efe40 RPCRT4!DispatchToStubInC+0x84
 6b6efdbc 77d44b21 00000002 00000000 6b6efe40 RPCRT4!RPC_INTERFACE::DispatchToStubWorker+0x100
 6b6efddc 77d49cb8 6b6efdfc 00000000 6b6efe40 RPCRT4!RPC_INTERFACE::DispatchToStub+0x5e
 6b6efe44 77d49bac 00000000 6f485120 6f3bd180 RPCRT4!OSF_SCALL::DispatchHelper+0xa4
 6b6efe58 77d499a5 00000000 00000002 00000001 RPCRT4!OSF_SCALL::DispatchRPCCall+0x115
 6b6efe90 77d496cb 6f485108 00000203 00000002 RPCRT4!OSF_SCALL::ProcessReceivedPDU+0x43
 6b6efeb0 77d49259 6f485108 00000260 00015f90 RPCRT4!OSF_SCALL::BeginRpcCall+0xd0
 6b6eff10 77d491d0 00000000 6f485108 00000260 RPCRT4!OSF_SCONNECTION::ProcessReceiveComplete+0x235
 6b6eff20 77d5d1cd 000b9f38 0000000c 00000000 RPCRT4!ProcessConnectionServerReceivedEvent+0x1b
 6b6eff74 77d5d074 77d50d7f 000b9f38 77fcb4b8 RPCRT4!LOADABLE_TRANSPORT::ProcessIOEvents+0xcd
 6b6eff78 77d50d7f 000b9f38 77fcb4b8 77fcb4cf RPCRT4!ProcessIOEventsWrapper+0x9



CAUSE
The buffer pointer pbData is passed into the EcLoadBinary routine as NULL with a nonzero cbData. However, the real problem is not that pbData is NULL. It appears that an "end" stream marker is being received for the cnsetRead stream without a corresponding "begin" stream marker having been received. If an "end" of stream is received without a "begin" of stream during INCRCTX and COLLECT object processing, the server crashes. It is not clear why the client would send ICS state stream ROPs out of order to the server, but the server should protect itself and return an error rather than crash. This might happen if a client's state gets corrupted on the client.
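The defensive pattern described above, as an added example that is not Microsoft's code or the actual fix: a stream upload handler that tracks whether a "begin" was seen, returns an error for an "end" without a "begin", and has the consumer check the pointer/length pair itself. All names (upload_ctx, stream_begin, stream_continue, stream_end, load_binary, the EC_ codes) are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical names throughout; constructed for illustration, not Exchange code. */
enum { EC_OK, EC_BAD_STATE, EC_BAD_ARG, EC_NO_MEM };
typedef struct {
    int open;               /* 1 between a "begin" and its matching "end" */
    unsigned char *pbData;  /* bytes accumulated for the open stream */
    size_t cbData;
} upload_ctx;

/* Consumer checks the (pointer, length) pair itself rather than trusting callers. */
static int load_binary(const unsigned char *pb, size_t cb, unsigned *sum) {
    if (pb == NULL && cb != 0) return EC_BAD_ARG;
    *sum = 0;
    for (size_t i = 0; i < cb; i++) *sum += pb[i];
    return EC_OK;
}

int stream_begin(upload_ctx *c) {
    if (c->open) return EC_BAD_STATE;            /* begin while already open */
    c->open = 1; c->pbData = NULL; c->cbData = 0;
    return EC_OK;
}

int stream_continue(upload_ctx *c, const unsigned char *p, size_t cb) {
    if (!c->open) return EC_BAD_STATE;           /* data without begin */
    if (p == NULL && cb != 0) return EC_BAD_ARG;
    if (cb == 0) return EC_OK;
    if (cb > SIZE_MAX - c->cbData) return EC_BAD_ARG;   /* length overflow */
    unsigned char *n = realloc(c->pbData, c->cbData + cb);
    if (n == NULL) return EC_NO_MEM;
    memcpy(n + c->cbData, p, cb);
    c->pbData = n; c->cbData += cb;
    return EC_OK;
}

int stream_end(upload_ctx *c, unsigned *sum) {
    if (!c->open) return EC_BAD_STATE;           /* end without begin: error, no crash */
    int ec = load_binary(c->pbData, c->cbData, sum);
    free(c->pbData);
    c->open = 0; c->pbData = NULL; c->cbData = 0;
    return ec;
}

int main(void) {   /* constructed input: stale length, NULL buffer, no begin */
    upload_ctx c = {0, NULL, 0x3b}; unsigned sum = 0;
    return printf("end without begin -> %d\n", stream_end(&c, &sum)) < 0;
}
```

The state check in stream_end addresses the ordering problem the article identifies as the real cause; the check in load_binary is a second layer that catches a NULL buffer with a nonzero length even if a caller's state tracking is wrong.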



Cumulative Patch Information
To resolve this problem, obtain the March 2003 Exchange 2000 Server Post-Service Pack 3 (SP3) Rollup. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

813840 XGEN: March 2003 Exchange 2000 Server Post-Service Pack 3 Rollup

Hotfix Information
A supported fix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Apply it only to computers that are experiencing this specific problem. This fix may receive additional testing. Therefore, if you are not severely affected by this problem, Microsoft recommends that you wait for the next Microsoft Exchange 2000 Server service pack that contains this hotfix.

To resolve this problem immediately, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information about support costs, visit the following Microsoft Web site:

http://support.microsoft.com/contactus/?ws=support

NOTE: In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The typical support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Component: MDB

 Date         Time   Version     Size       File name
 -------------------------------------------------------
 08-Jan-2003  20:06  6.0.6396.0  3,915,776  Cdoex.dll
 08-Jan-2003  19:54  6.0.6396.0    131,072  Drviis.dll
 08-Jan-2003  20:06  6.0.6396.0  3,571,712  Excdo.dll
 08-Jan-2003  19:54  6.0.6396.0    258,048  Exmime.dll
 08-Jan-2003  19:58  6.0.6396.0  1,691,648  Exoledb.dll
 08-Jan-2003  19:58  6.0.6396.0    303,104  Exsmtp.dll
 08-Jan-2003  19:21  6.0.6396.0  2,260,992  Mdbmsg.dll
 08-Jan-2003  18:52  6.0.6396.0     32,768  Mdbrole.dll
 08-Jan-2003  19:51  6.0.6396.0     94,208  Peexch50.dll
 08-Jan-2003  19:52  6.0.6396.0    393,216  Phatcat.dll
 08-Jan-2003  19:54  6.0.6396.0  4,591,616  Store.exe

Important: Because of file dependencies, this update requires Microsoft Exchange 2000 Server Service Pack 3 (SP3). For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

301378 How to Obtain the Latest Exchange 2000 Server Service Pack



STATUS
Microsoft has confirmed that this is a problem in Microsoft Exchange 2000 Server.

Keywords: kbhotfixserver kbqfe kbqfe kbfix kbexchange2000presp4fix kbbug KB812391


© Microsoft Corporation. All rights reserved.