Out Of Memory (C++ Exception) #35

Closed
JKFischer opened this issue Jan 6, 2022 · 8 comments
@JKFischer

I have multiple PCs that are throwing this. I had been using 1.2.19.0. I tried with 2.0.2.4 and get the same results. I've run it both with and without /lowpriority. I restarted the PC before running. No .OUT file is created. I've saved the minidump file, if it is needed.

PC Info per WMIC:

Model                 TotalPhysicalMemory
Precision 3650 Tower  34067255296

DeviceID  DriveType  FreeSpace     ProviderName  Size           VolumeName
C:        3          885631496192                1021365448704  OS

STATUS.TXT

Scan Start: 2022-01-06T04:53:57-0500
Run status : Failed

Unhandled Exception Detected - Reason: Out Of Memory (C++ Exception) (0xe06d7363) at address 0x00007FF9C24B4F69

Creating minidump file C:\ITSTemp\01062022501400153.mdmp with crash details.

@romw
Member

romw commented Jan 7, 2022

How large is the Minidump file? I would like to get my hands on it.

@JKFischer
Author

Not that large. I've attached it here.
01062022501400153.zip

@romw
Member

romw commented Jan 7, 2022

So, it appears we are choking on the following file:
C:\ProgramData\SafeNet Sentinel\Sentinel RMS Development Kit\System\prsgrc.tgz

Apparently, the tar library we are using takes an odd turn if the file size of the uncompressed tarball stream is less than 512 bytes. It starts computing an MD5 hash.

Everything on the stack after that is junk. The crash occurs because tarlib is attempting to allocate memory for a std::string which it was going to stuff with a huge chunk of binary data.

How large is the C:\ProgramData\SafeNet Sentinel\Sentinel RMS Development Kit\System\prsgrc.tgz on your disk?
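
One way to gate a decompressed `.tgz` stream before a tar reader sees it, as an added example that is not part of this thread, not the project's code and not the change in the fix commit: require a full 512-byte header block, the ustar magic and a valid header checksum, and bound the size field before anything is allocated from it. The function names, the 64 MiB cap and the constructed sample builder are assumptions for illustration; pre-POSIX tar headers without the magic are rejected by this policy.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

constexpr std::size_t kTarBlock = 512;             // tar header block size
constexpr std::int64_t kMaxEntry = 64LL << 20;     // assumed per-entry cap (64 MiB)

// Parse an octal field terminated by NUL or space; -1 on any other byte.
// GNU base-256 sizes (high bit set) are rejected as well.
static std::int64_t parse_octal(const unsigned char* p, std::size_t n) {
    std::int64_t v = 0;
    std::size_t i = 0, digits = 0;
    while (i < n && p[i] == ' ') ++i;
    for (; i < n && p[i] != '\0' && p[i] != ' '; ++i, ++digits) {
        if (p[i] < '0' || p[i] > '7') return -1;
        v = (v << 3) | (p[i] - '0');
    }
    return digits ? v : -1;
}

// Size of the first entry if buf starts with a plausible ustar header whose
// payload fits in the stream; -1 means "do not hand this to the tar reader".
std::int64_t checked_entry_size(const std::vector<unsigned char>& buf) {
    if (buf.size() < kTarBlock) return -1;                  // short stream, as in this issue
    const unsigned char* h = buf.data();
    if (std::memcmp(h + 257, "ustar", 5) != 0) return -1;   // magic at offset 257
    const std::int64_t stored = parse_octal(h + 148, 8);    // chksum field
    const std::int64_t size = parse_octal(h + 124, 12);     // size field
    if (stored < 0 || size < 0) return -1;
    std::int64_t sum = 0;
    for (std::size_t i = 0; i < kTarBlock; ++i)
        sum += (i >= 148 && i < 156) ? ' ' : h[i];          // chksum bytes count as spaces
    if (sum != stored) return -1;
    if (size > kMaxEntry || static_cast<std::size_t>(size) > buf.size() - kTarBlock) return -1;
    return size;
}

// Constructed sample: a ustar header claiming `claimed` bytes plus `actual` payload bytes.
std::vector<unsigned char> sample_tar(unsigned long long claimed, std::size_t actual) {
    std::vector<unsigned char> b(kTarBlock + actual, 0);
    char* c = reinterpret_cast<char*>(b.data());
    std::memcpy(c, "a.txt", 5);
    std::snprintf(c + 124, 12, "%011llo", claimed);
    std::memcpy(c + 257, "ustar", 5);
    unsigned sum = 8 * ' ';
    for (std::size_t i = 0; i < kTarBlock; ++i) sum += b[i];  // chksum field is still zero here
    std::snprintf(c + 148, 8, "%06o", sum);
    return b;
}
```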

@JKFischer
Author

Really tiny. The folder it is in gets installed with IBM SPSS Statistics 28.0.0.0. IBM has a patch for SPSS that brings it to 28.0.1 and fixes the vulnerability, but we haven't deployed it yet.

prsgrc.zip

@romw
Member

romw commented Jan 7, 2022

Okay, I've been able to reproduce locally... WinZip doesn't like the file either:

image

Looks like I need to re-work some of the file detection logic.

@romw
Member

romw commented Jan 8, 2022

Should be addressed with this commit: cea4fb7

@romw
Member

romw commented Jan 8, 2022

Should be fixed with this release: https://github.com/Qualys/log4jscanwin/releases/tag/2.0.2.7

@romw romw closed this as completed Jan 8, 2022
@JKFischer
Author

Downloaded new version and ran it against offending PCs. Worked like a charm. Thanks, Rom.
