PM83142: JVM runs out of memory while generating findings report in PDF


APAR status

  • Closed as program error.

Error description

  • JVM runs out of memory while generating findings report in PDF.
    
    Steps to reproduce the issue:
    
    1. Download the following source files:
    
       Download the 11 MB Dojo Toolkit 1.8.3 (Zip version):
    
    http://download.dojotoolkit.org/release-1.8.3/dojo-release-1.8.3.zip
    
       Ext JS 4.1.1a GPL:
    
    http://www.sencha.com/products/extjs/download/ext-js-4.1.1/1683
    
    2. Create a single project with both source roots from the files
    downloaded above.
    
    3. Scan with AppScan Source 8.6.0.2 which will result in about
    4095 findings.
    
    4. Next, generate a report ("Generate Findings Report"), with
    the following 'report options':
         a. Check "Include source code surrounding each finding".
    "Lines before" = 5, "Lines after" = 5.
         b. All three "Vulnerability", "Type I", "Type II" are
    checked.
    
    AppScan Source tries to generate the report as above, and fails
    with a memory error.
    

Local fix

Problem summary

  • In AppScan Source For Analysis, generating a .pdf report
    could result in a java.lang.OutOfMemoryError if lines of
    source that spanned thousands of characters with no line
    breaks were included.
    

Problem conclusion

  • The length of source lines that are included in the report
    is now checked to avoid the error.
    

Temporary fix

Comments

APAR Information

  • APAR number

    PM83142

  • Reported component name

    SEC APPSCAN SRC

  • Reported component ID

    5724Z3400

  • Reported release

    860

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2013-02-19

  • Closed date

    2013-03-25

  • Last modified date

    2013-03-25

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    SEC APPSCAN SRC

  • Fixed component ID

    5724Z3400

Applicable component levels

  • R860 PSN

       UP




Document information


More support for:

IBM Security AppScan Source

Software version:

860

Reference #:

PM83142

Modified date:

2013-03-25
