SLEE Processes Crashing with Error "CRITICAL: SLEE memory corruption: void SleeEvent::validateEvent(): ... Canary has been overwritten in event of size XYZ"

(Doc ID 2040932.1)

Last updated on NOVEMBER 02, 2016

Applies to:

Oracle Communications Network Charging and Control - Version 4.3.0 to 5.0.3 [Release 4.3 to 5.0]
Information in this document applies to any platform.

Symptoms

On all versions of Oracle Communications Network Charging and Control (NCC), a problem exists when there are Service Logic Execution Environment (SLEE) events configured which are not 2n sized (ie. 1024, 2048, 4096, 8192, ...).

As soon as a SLEE process attempts to use the non-2n SLEE event, it will throw the following error and crash, leaving behind a core file (by design):

CRITICAL: SLEE memory corruption: void SleeEvent::validateEvent(): [this=0xc9edcf00 myCurrentList=0x0 owningProcess=17699]: Canary has been overwritten in event of size 8196

The object pointer, process identifier, and SLEE event size will vary in different situations, however the overwritten SLEE event size (8196 in the above example) will always highlight the offending SLEE event size.

If the backtrace for the core file is captured, then there should be frames which show the process failing in validateEvent() which leads to coredump() and forkAndAbort():

...
#9  0xfd9d7bbc in SleeUtils::forkAndAbort () at sleeUtils.cc:35
#10 0xfd9d7e40 in SleeUtils::coredump () at sleeUtils.cc:63
#11 0xfd9f3fb0 in SleeEvent::validateEvent (this=<incomplete type>) at sleeEvent.cc:300
#12 0xfda08d9c in SleeRoot::popEvent (this=0xc0000000, size=1036, ignoreCheck=false) at sleeRoot.cc:1320
#13 0xfd9f2ef0 in SleeEvent::operator new (size=40, dataSegmentSize=1036) at sleeEvent.cc:63
...

Changes

Reconfiguration of the SLEE events in SLEE.cfg.

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms