RPC Application Causes Access Violation When Dereferencing Freed Connection Under Stress

ID: Q224600

The information in this article applies to:

SYMPTOMS

An application using the remote procedure call (RPC) transport, such as the Microsoft Exchange Server information store, may display an access violation error message. The error message is displayed because of a general protection fault that may occur when the Windows NT Remote Procedure Call Common Server Transport module is under stress.


CAUSE

The Remote Procedure Call Common Server Transport module can attempt to dereference a buffer within a connection that has already been freed under high stress conditions.


RESOLUTION

A supported fix that corrects this problem is now available from Microsoft, but it has not been fully regression tested and should be applied only to systems experiencing this specific problem. If you are not severely affected by this specific problem, Microsoft recommends that you wait for the next Windows NT 4.0 service pack that contains this fix.

To resolve this problem immediately, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information on support costs, please go to the following address on the World Wide Web:

http://www.microsoft.com/support/supportnet/overview/overview.asp
The English version of this fix should have the following file attributes or later:

   Date      Time                 Size    File name     Platform
   -------------------------------------------------------------
   03/04/99  09:05p                37,136 Rpcltscm.dll  i386
   03/04/99  09:03p                59,664 Rpcltscm.dll  Alpha

NOTE: If this product was already installed on your computer when you purchased it from the Original Equipment Manufacturer (OEM) and you need this fix, please call the Pay Per Incident number listed on the above Web site. If you contact Microsoft to obtain this fix, and if it is determined that you only require the fix you requested, no fee will be charged. However, if you request additional technical support, and if your no-charge technical support period has expired, or if you are not eligible for standard no-charge technical support, you may be charged a non-refundable fee.

For more information about eligibility for no-charge technical support, see the following article in the Microsoft Knowledge Base:
Q154871 Determining If You Are Eligible for No-Charge Technical Support


STATUS

Microsoft has confirmed this to be a problem in Windows NT 4.0.


MORE INFORMATION

If the correct Windows NT symbols are installed, the resulting Dr. Watson log may have a stack dump similar to the following sample dump: 


Application exception occurred:

        App: exe\store.dbg (pid=334)
        When: 11/23/1998 @ 9:3:26.687
        Exception number: c0000005 (access violation)

State Dump for Thread Id 0x26a

function: COMMON_ServerReceive
        74fa42f7 7e4e             jle     COMMON_ServerReceive+0xc2 
        74fa42f9 6603f8           add     di,ax
        74fa42fc 6683ff10         cmp     di,0x10
        74fa4300 72d9             jb      COMMON_ServerReceive+0x56 
FAULT ->74fa4302 f6430410         test    byte ptr [ebx+0x4],0x10      
        74fa4306 756b             jnz     COMMON_ServerReceive+0xee 
        74fa4308 8a4309           mov     al,[ebx+0x9]                                                                      
                                                                                                   
*----> Stack Back Trace <----*                                                                     
                                                                                                   
FramePtr ReturnAd Param#1  Param#2  Param#3  Param#4  Function Name                                
2350fef8 74fa2214 00218744 2350ff88 2350ff84 00000000 
rpcltscm!COMMON_ServerReceive 
2350ff2c 77e18c00 00169698 2350ff58 2350ff88 2350ff84
rpcltscm!COMMON_ServerReceiveAny
2350ff60 77e1a587 2350ff8c 2350ff88 2350ff84 16640528
rpcrt4!TRANS_ADDRESS::TransReceive
2350ff90 77e1ac1c 77e15eaf 001695b8 2350ffec 74fa426c
rpcrt4!OSF_ADDRESS::ReceiveLotsaCalls

Additional query words: 


Keywords          : kbbug4.00 kbfix4.00 
Version           : winnt:4.0,5.5
Platform          : winnt 
Issue type        : kbbug

Last Reviewed: July 2, 1999