logpresso / CVE-2021-44228-Scanner

Vulnerability scanner and mitigation patch for Log4j2 CVE-2021-44228
Apache License 2.0

java.lang.OutOfMemoryError #216

Closed KB4MDD closed 2 years ago

KB4MDD commented 2 years ago

Logpresso CVE-2021-44228 Vulnerability Scanner 2.6.3 (2021-12-27)

Running scan (36s): scanned 840 directories, 10738 files, last visit: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys
Fatal error: unhandled exception in isolate 0x1c243e00000: java.lang.OutOfMemoryError: Could not allocate an aligned heap chunk

xeraph commented 2 years ago

@KB4MDD I need more information. Out of millions of scans, you might be the first one who encounters this error. Run the scanner with --trace and --debug. What was the last visited file before the OutOfMemoryError exception? Does the scanner crash with the same file on repeated runs? Comment with the command itself, with arguments and output.

KB4MDD commented 2 years ago

This is a snip from the bottom of the trace:

Scanning directory: C:\ProgramData\Microsoft\Crypto\Keys
Skipping file: C:\ProgramData\Microsoft\Crypto\Keys\597367cc37b886d7ee6c493e3befb421_ed4d81fc-9520-4ae2-b456-c9805e60cacc
Skipping file: C:\ProgramData\Microsoft\Crypto\Keys\f0e91f6485ac2d09485e4ec18135601e_ed4d81fc-9520-4ae2-b456-c9805e60cacc
Scanning directory: C:\ProgramData\Microsoft\Crypto\PCPKSP
Scanning directory: C:\ProgramData\Microsoft\Crypto\PCPKSP\WindowsAIK
Scanning directory: C:\ProgramData\Microsoft\Crypto\RSA
Scanning directory: C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys

I looked through the scan for "Scanning File:": There were only two entries that showed scanning file.

Scanning file: C:\Program Files (x86)\RBS Server\Web\Help\Advanced\webhelp.jar
Skipping broken jar file C:\Program Files (x86)\RBS Server\Web\Help\Advanced\webhelp.jar ('zip END header not found')

Scanning file: C:\Program Files (x86)\RBS Server\Web\Help\Simple\webhelp.jar
Skipping broken jar file C:\Program Files (x86)\RBS Server\Web\Help\Simple\webhelp.jar ('zip END header not found')

This is the error message:

Fatal error: unhandled exception in isolate 0x1981d700000: java.lang.OutOfMemoryError: Could not allocate an aligned heap chunk

xeraph commented 2 years ago

@KB4MDD I suspect the file which causes the OutOfMemoryError resides in C:\Program Files (x86)\RBS Server\Web\Help\Simple\. You can narrow down the scan target like this:

log4j2-scan --trace --debug "C:\Program Files (x86)\RBS Server\Web\Help\Simple"

For a specific file:

log4j2-scan --trace --debug "C:\Program Files (x86)\RBS Server\Web\Help\Simple\webhelp.jar"

If you can find the file which causes the OOM, send me that file using a web file sharing service. (xeraph at logpresso.com)
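The narrowing step described above can be automated. This is an added example, not part of the thread or of the Logpresso project's code: it re-runs log4j2-scan with --trace --debug on each child of a directory and descends into whichever one still prints java.lang.OutOfMemoryError. It assumes log4j2-scan is on PATH; the function names are hypothetical, and the trace prefixes are the ones visible in the output quoted earlier in the thread.

```python
import subprocess
import sys
from pathlib import Path

OOM_MARKER = "java.lang.OutOfMemoryError"
# Trace line prefixes as they appear in the --trace output quoted in this thread.
TRACE_PREFIXES = ("Scanning file: ", "Scanning directory: ", "Skipping file: ")

def run_scanner(target, scanner="log4j2-scan"):
    """Run one scan with the flags from the thread; return (exit code, combined output)."""
    proc = subprocess.run([scanner, "--trace", "--debug", str(target)],
                          capture_output=True, text=True, errors="replace")
    return proc.returncode, proc.stdout + proc.stderr

def last_visited(output):
    """Return the last path named in the trace, i.e. where the scan was when it died."""
    last = None
    for line in output.splitlines():
        for prefix in TRACE_PREFIXES:
            if line.startswith(prefix):
                last = line[len(prefix):].strip()
    return last

def default_children(target):
    """List a directory's entries; a file or an unreadable directory has none."""
    path = Path(target)
    try:
        return sorted(path.iterdir()) if path.is_dir() else []
    except OSError:
        return []

def narrow(target, run=run_scanner, children=default_children):
    """Descend into whichever child still reproduces the OOM when scanned alone.

    Returns (smallest reproducing path, last path in its trace), or None when
    the starting target does not reproduce the crash at all.
    """
    _, output = run(target)
    if OOM_MARKER not in output:
        return None
    while True:
        for child in children(target):
            _, child_output = run(child)
            if OOM_MARKER in child_output:
                target, output = child, child_output
                break
        else:  # no single child crashes on its own: stop at this level
            return target, last_visited(output)

if __name__ == "__main__" and len(sys.argv) > 1:
    print(narrow(sys.argv[1]))
```

If the result is still a directory, no single entry under it reproduces the crash when scanned alone, which points at memory accumulated across the scan rather than at one file.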

desiklolan commented 2 years ago

Same Issue:

<![LOG[[Installation] :: Standard error output from the process: Fatal error: java.lang.OutOfMemoryError: Could not allocate an aligned heap chunk


xeraph commented 2 years ago

@desiklolan If you have stable reproduction steps, send me how to do it (or upload the file, please).

The OOM stack trace itself cannot help troubleshoot.

xeraph commented 2 years ago

Closed due to no response.