CPF in low memory conditions

Have you ever seen a message saying “System memory is low”? Well, it seem CPF panics when the system runs (even for a second) out of memory. Yesterday I was testing an app under low memory conditions and it worked just fine, but CPF didn’t. Process “CPF.exe” left a couple of non-responsive windows and entered in an infinite loop consuming 100% CPU. After the test the whole system went back to normal and the only unresponsive app was… CPF.

By the way, I’ve found CPF can crash the system if you forcibly close a certan handle to HKLM. The system goes BSD with a “INVALID_KERNEL_HANDLE” message.

Please take into considerations that both issues above can be easily used as exploits.

Can you please post these at the official support centre

Thanks in advance,
Ewen :slight_smile:

Should I submit a Ticket? Otherwize please please please… redesign the site for a more user-friendly bug submission.

Yes, you should submit a ticket at the official support centre. That was why I directed you there. User forums, like this one, are not the place that bugs should be posted for investigation/rectification, particularly when you have demonstrable, repeatable proof of the bug. By all means, post your findings here as well as lodging a ticket.

Cheers,
Ewen :slight_smile:

Done!!! This is the full text with some more testing:

Have you ever seen a message saying “System memory is low”? Well, it seem CPF panics when the system runs (even for a second) out of memory. Yesterday I was testing an app under low memory conditions and it worked just fine, but CPF didn’t. Process “CPF.exe” left a couple of non-responsive windows and entered in an infinite loop consuming 100% CPU. After the test the whole system went back to normal and the only unresponsive app was… CPF. It seems CPF tries to pop a “Low memory” messagebox and if the system doesn’t have enought memory to create the WND then CPF enters the state described before. Please note that if the system DO has enought memory CPF just prints the message and keeps running OK. Workaround: OS has several means of informing users of a memory shortage, remove low memoy notifications to avoid this and consider alternatives for CPF to work in low memory conditions without influencing system stability.

By the way, I’ve found CPF can crash the system if you forcibly close a certan handle to HKLM. The system goes BSD with a “INVALID_KERNEL_HANDLE” message. This can be achieved with SysInternals Process Explorer and, I think, with a few lines of code so it is highly exploitable.

Please take into considerations that both issues above can be easily used as exploits.

EDIT:

Ticket Details

Ticket ID: EYI-282765
Department: PC Security Software
Priority: Urgent
Status: Open

Thanks for that.

Can you please post any results back here for the benefit of others.

Cheers,
Ewen :slight_smile: