possible heap corruption reported in atcuf64.dll



I am a software developer with a broadly deployed application with built-in crash reporting. We've recently started seeing a large number of crashes in our app from users with BitDefender installed. The call stack makes it appear as though Windows is terminating the app due to heap corruption from atcuf64.dll, a binary that BitDefender injects into user-mode processes, including ours.

 


ntdll!RtlpTerminateFailureFilter
ntdll!RtlReportCriticalFailure
ntdll!_C_specific_handler
ntdll!RtlpExecuteHandlerForException
ntdll!RtlDispatchException
ntdll!RtlRaiseException
ntdll!RtlReportCriticalFailure
ntdll!RtlpReportHeapFailure
ntdll!RtlpHeapHandleError
ntdll!RtlpLogHeapFailure
ntdll!RtlFreeHeap
kernel32!HeapFree
atcuf64
0x0
0x0
0x0
0x0


Of course, we don't have symbols for atcuf64.dll, so the debugger is unable to unwind the complete stack. It is unclear to us whether atcuf64.dll is merely wrapping calls to HeapFree, or whether it's actually freeing its own heap allocation here. In other words, it's unclear whether the bug is in BitDefender or in our product. Based on the number of crashes with atcuf64 on the stack, we're inclined to believe the bug is in BitDefender.



Is this a known issue in BitDefender software?



Would it be possible to get symbols for atcuf64.dll version 1.25.200.0 so we can debug further?



Is there an engineering/development contact we can be put in touch with to diagnose this issue?
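
Added example (not part of the original post, and not Bitdefender's or the poster's code): a crash-report triage sketch that checks a stack for the heap-failure-on-free signature, names the first non-OS module that called HeapFree, and records whether the unwinder got past that module. The OS module list, the constructed second stack and the `myapp` names are assumptions for illustration.

```python
import re
from collections import Counter

OS_MODULES = {"ntdll", "kernel32", "kernelbase"}  # assumption: OS heap plumbing
HEAP_FAILURE = {"RtlpLogHeapFailure", "RtlpReportHeapFailure", "RtlpHeapHandleError"}
FREE_APIS = {"RtlFreeHeap", "HeapFree"}

# Tail of the stack posted above, innermost frame first.
POSTED_TAIL = """ntdll!RtlpReportHeapFailure
ntdll!RtlpHeapHandleError
ntdll!RtlpLogHeapFailure
ntdll!RtlFreeHeap
kernel32!HeapFree
atcuf64
0x0
0x0
0x0
0x0"""
# Constructed stack: same failure, but unwinding continued; "myapp" is hypothetical.
CONSTRUCTED_STACK = """ntdll!RtlpLogHeapFailure
ntdll!RtlFreeHeap
kernel32!HeapFree
atcuf64
myapp!ReleaseBuffer"""

def parse_frame(line):
    """Return (module, symbol); (None, None) where the unwinder lost the stack."""
    if re.fullmatch(r"0x0+", line.strip()):
        return (None, None)
    module, _, symbol = line.strip().partition("!")
    return (module.lower(), symbol or None)

def triage(stack_text):
    """Return (caller_module, unwound_past_caller), or None if not a heap failure on free."""
    frames = [parse_frame(l) for l in stack_text.splitlines() if l.strip()]
    symbols = {s for _, s in frames}
    if not (symbols & HEAP_FAILURE and symbols & FREE_APIS):
        return None
    last_free = max(i for i, (_, s) in enumerate(frames) if s in FREE_APIS)
    for i in range(last_free + 1, len(frames)):
        module = frames[i][0]
        if module and module not in OS_MODULES:
            below = [m for m, _ in frames[i + 1:] if m]
            return (module, bool(below))
    return ("unknown", False)

def bucket(stacks):
    """Count heap-failure reports per (caller_module, unwound_past_caller)."""
    return Counter(t for t in map(triage, stacks) if t)
```

A bucket of `(module, False)` only shows which module called HeapFree; it cannot tell a hook passing an application pointer through from the module freeing its own allocation. Where the second value is `True`, the frames below the module name the application code path to inspect.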

Comments

  • Roxana G


    On 6/28/2019 at 8:06 PM, ChrisAraman said:



    I am a software developer with a broadly deployed application with built-in crash reporting. We've recently started seeing a large number of crashes in our app from users with BitDefender installed. The call stack makes it appear as though Windows is terminating the app due to heap corruption from atcuf64.dll, a binary that BitDefender injects into user-mode processes, including ours.

     



    ntdll!RtlpTerminateFailureFilter
    ntdll!RtlReportCriticalFailure
    ntdll!_C_specific_handler
    ntdll!RtlpExecuteHandlerForException
    ntdll!RtlDispatchException
    ntdll!RtlRaiseException
    ntdll!RtlReportCriticalFailure
    ntdll!RtlpReportHeapFailure
    ntdll!RtlpHeapHandleError
    ntdll!RtlpLogHeapFailure
    ntdll!RtlFreeHeap
    kernel32!HeapFree
    atcuf64
    0x0
    0x0
    0x0
    0x0


    Of course, we don't have symbols for atcuf64.dll, so the debugger is unable to unwind the complete stack. It is unclear to us whether atcuf64.dll is merely wrapping calls to HeapFree, or whether it's actually freeing its own heap allocation here. In other words, it's unclear whether the bug is in BitDefender or in our product. Based on the number of crashes with atcuf64 on the stack, we're inclined to believe the bug is in BitDefender.



    Is this a known issue in BitDefender software?



    Would it be possible to get symbols for atcuf64.dll version 1.25.200.0 so we can debug further?



    Is there an engineering/development contact we can be put in touch with to diagnose this issue?



    Hi,


     


    Thank you for reporting this.


    Please send the dump file to bitsy@bitdefender.com and our team will look into this.


  • Sent. Thanks.

  • Roxana G


    Hi,


     


    I have sent you an email.


    Thank you!

  • Georgia


    @ChrisAraman


    We have just addressed this crash via signature updates of Bitdefender. The dump reports should stop shortly.