APAR status
Closed as program error.
Error description
JVM runs out of memory while generating a findings report in PDF.

Steps to reproduce the issue:

1. Download the following source files:
   - The 11 MB Dojo Toolkit 1.8.3 (Zip version): http://download.dojotoolkit.org/release-1.8.3/dojo-release-1.8.3.zip
   - Ext JS 4.1.1a GPL: http://www.sencha.com/products/extjs/download/ext-js-4.1.1/1683
2. Create a single project with both source roots from the files downloaded above.
3. Scan with AppScan Source 8.6.0.2, which will result in about 4095 findings.
4. Next, generate a report ("Generate Findings Report") with the following report options:
   a. Check "Include source code surrounding each finding". "Lines before" = 5, "Lines after" = 5.
   b. All three of "Vulnerability", "Type I" and "Type II" are checked.

AppScan Source tries to generate the report as above and fails with a memory error.
Local fix
Problem summary
In AppScan Source for Analysis, generating a .pdf report could result in a java.lang.OutOfMemoryError if lines of source that spanned thousands of characters with no line breaks were included.
Problem conclusion
The length of the source lines that are included in the report is now checked to avoid the error.
Temporary fix
Comments
APAR Information
APAR number
PM83142
Reported component name
SEC APPSCAN SRC
Reported component ID
5724Z3400
Reported release
860
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2013-02-19
Closed date
2013-03-25
Last modified date
2013-03-25
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SEC APPSCAN SRC
Fixed component ID
5724Z3400
Applicable component levels
R860 PSN
UP
Document Information
Modified date:
25 March 2013