Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-7002634

Crash in ntdll.dll RtlEnterCriticalSection due to race condition in JdbcOdbcConnection

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P5
    • Resolution: Future Project
    • Affects Version/s: 7
    • Fix Version/s: None
    • Component/s: core-libs
    • Labels:

      Description

      SYNOPSIS
      --------
      Crash in ntdll.dll RtlEnterCriticalSection due to race condition in JdbcOdbcConnection

      OPERATING SYSTEM
      ----------------
      Windows on x86


      NOTE
      ----
      Not reproduced with Oracle JDK, but problem code is present in Oracle codebase.


      PROBLEM DESCRIPTION
      -------------------
      A crash is observed in C:\WINDOWS\system32\ntdll.dll, with a Licensee's Windows JDK implementation (see Comments for Licensee identity). Below is the stack:

      Java Stack Frames:
        at sun/jdbc/odbc/JdbcOdbc.allocConnect(Native Method)
        at sun/jdbc/odbc/JdbcOdbc.SQLAllocConnect(JdbcOdbc.java:125)
        at sun/jdbc/odbc/JdbcOdbcDriver.allocConnection(JdbcOdbcDriver.java:938)
        at sun/jdbc/odbc/JdbcOdbcConnection.initialize(JdbcOdbcConnection.java:138)
        at sun/jdbc/odbc/JdbcOdbcDriver.connect(JdbcOdbcDriver.java:174)
        <frames removed to protect customer/licensee privacy>
        at javax/servlet/http/HttpServlet.service(HttpServlet.java:718)
        at javax/servlet/http/HttpServlet.service(HttpServlet.java:831)
        <frames removed to protect customer/licensee privacy>

      Native callstack:
        RtlEnterCriticalSection+0x19 (0x7C96A379 [ntdll+0x1a379])
        SQLConnectA+0x2ef8 (0x4B904C36 [ODBC32+0x34c36])
        SQLAllocConnect+0x7d (0x4B8D8751 [ODBC32+0x8751])
        SQLAllocConnect+0x1f (0x4B8D86F3 [ODBC32+0x86f3])
        Java_sun_jdbc_odbc_JdbcOdbc_allocConnect+0x28 (jdbcodbc.c:243, 0x7F3B11CB [JdbcOdbc+0x11cb])
        <frames removed to protect customer/licensee privacy>


      SUGGESTED FIX
      -------------
      See Suggested Fix section for diffs relative to code in 6u22-b01.

      Licensee's iinvestigation revealed that the problem is caused by code in the JdbcOdbcDriver class. This is the sequence of events that leads up to the crash:

      1. Thread T1 finishes its work on JdbcOdbcConnection and calls close()
         upon it.
      2. This results in a call to JdbcOdbcDriver.closeConnection().
      3. Since no other connections are currently active, SQLFreeEnv() will be
         called, and a global variable hEnv will be set to NULL, which
         releases the OpenRDA ODBC driver DLL.
      4. However, before step 4 is complete, another thread, T2, needs a new
         connection and calls JdbcOdbcDriver.connect(). T2 checks for the
         global hEnv variable and finds that it is not NULL, thus indicating
         that a valid hEnv will exist.
      5. T2 then goes on to call the SQLAllocConnect() call, passing in the
         hEnv variable which has already been freed by T1. This causes the
         ODBC driver manager to crash.

      Licensee fix suggestion is to add the synchronized modifier to some of the JdbcOdbcDriver Class's methods to prevent concurrent execution, thus avoiding the race condition that causes the crash. These methods are:

        JdbcOdbcDriver.allocConnection()
        JdbcOdbcDriver.initialize()
        JdbcOdbcDriver.closeConnection()

        Attachments

          Activity

            People

            Assignee:
            lancea Lance Andersen
            Reporter:
            dkorbel David Korbel (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Imported:
              Indexed: