IBM Support

PM83142: JVM runs out of memory while generating findings report in PDF

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • JVM runs out of memory while generating findings report in PDF.

Steps to reproduce the issue:

1. Download the following source files:

   Download the 11 MB Dojo Toollkit 1.8.3 (Zip version):

http://download.dojotoolkit.org/release-1.8.3/dojo-release-1.8.3
.zip

   Ext JS 4.1.1a GPL:

http://www.sencha.com/products/extjs/download/ext-js-4.1.1/1683

2. Create a single project with both source roots from the files
downloaded from above.

2. Scan with AppScan Source 8.6.0.2 which will result in about
4095 findings.

3. Next, generate a report (?Generate Findings Report?), with
the following 'report options':
     a. Check ?Include source code surrounding each finding?.
?Lines before? =5 ?Lines after? = 5.
     b. All three ?Vulnerability?, ?Type I?, ?Type II? are
checked.

AppScan Source tries to generate the report as above, and fails
with a memory error.

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED:                                              *
****************************************************************
* PROBLEM DESCRIPTION:                                         *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
In AppScan Source For Analysis, generating a .pdf report
could result in a java.lang.OutOfMemoryError if lines of
source that spanned thousands of characters with no line
breaks were included.

    



Problem conclusion


    

  • The length of source lines that are included in the report
are now checked to avoid the error.

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    PM83142
    • 

  • Reported component name
    SEC APPSCAN SRC
    • 

  • Reported component ID
    5724Z3400
    • 

  • Reported release
    860
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2013-02-19
    • 

  • Closed date
    2013-03-25
    • 

  • Last modified date
    2013-03-25
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    SEC APPSCAN SRC
    • 

  • Fixed component ID
    5724Z3400
    • 



Applicable component levels


    

  • R860  PSN
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSS9LM","label":"IBM Security AppScan Source for Automation"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"860","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            25 March 2013
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback