peview.exe 3.0.12105.7578 crash #2041

Open
urielmann opened this issue Apr 24, 2024 · 3 comments

@urielmann

Brief description of your issue

Starting peview.exe 3.0.12105.7578 on a Windows 10 VMware VM results in a crash
peview.dmp

Steps to reproduce (optional)

No response

Expected behavior (optional)

No response

Actual behavior (optional)

No response

Environment (optional)

No response

@urielmann
Author

urielmann commented Apr 24, 2024

0:007> !analyze -v
*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************


KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.mSec
    Value: 9093

    Key  : Analysis.DebugAnalysisManager
    Value: Create

    Key  : Analysis.Elapsed.mSec
    Value: 52529

    Key  : Analysis.Init.CPU.mSec
    Value: 7312

    Key  : Analysis.Init.Elapsed.mSec
    Value: 1040590

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 114

    Key  : FailFast.Name
    Value: UNEXPECTED_HEAP_EXCEPTION

    Key  : FailFast.Type
    Value: 35

    Key  : Timeline.OS.Boot.DeltaSec
    Value: 1670

    Key  : Timeline.Process.Start.DeltaSec
    Value: 1043

    Key  : WER.OS.Branch
    Value: vb_release

    Key  : WER.OS.Timestamp
    Value: 2019-12-06T14:06:00Z

    Key  : WER.OS.Version
    Value: 10.0.19041.1

    Key  : WER.Process.Version
    Value: 3.0.12105.7578


NTGLOBALFLAG:  0

PROCESS_BAM_CURRENT_THROTTLED: 0

PROCESS_BAM_PREVIOUS_THROTTLED: 0

APPLICATION_VERIFIER_FLAGS:  0

EXCEPTION_RECORD:  (.exr -1)
ExceptionAddress: 00007fff5ced4ff8 (ntdll!RtlpHpAllocWithExceptionProtection$filt$0+0x0000000000000038)
   ExceptionCode: c0000409 (Security check failure or stack buffer overrun)
  ExceptionFlags: 00000001
NumberParameters: 1
   Parameter[0]: 0000000000000023
Subcode: 0x23 FAST_FAIL_UNEXPECTED_HEAP_EXCEPTION 

FAULTING_THREAD:  00001c88

PROCESS_NAME:  peview.exe

ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application.

EXCEPTION_CODE_STR:  c0000409

EXCEPTION_PARAMETER1:  0000000000000023

STACK_TEXT:  
000000c9`4fffdd60 00007fff`5cebca06     : 00007fff`5cfa3878 00007fff`5ce30000 000000c9`4fffde70 00007fff`5ce60e7b : ntdll!RtlpHpAllocWithExceptionProtection$filt$0+0x38
000000c9`4fffdd90 00007fff`5ced23af     : 00000000`00000000 000000c9`4fffe370 000000c9`4fffea30 00000000`00000000 : ntdll!_C_specific_handler+0x96
000000c9`4fffde00 00007fff`5ce814b4     : 00000000`00000000 000000c9`4fffe370 000000c9`4fffea30 00000000`00000000 : ntdll!RtlpExecuteHandlerForException+0xf
000000c9`4fffde30 00007fff`5ced0ebe     : 00000001`00000001 00000000`00007fff 00000210`56390290 00000000`00001000 : ntdll!RtlDispatchException+0x244
000000c9`4fffe540 00007fff`5ce5a320     : 00000210`56390280 00000000`0000000e 00000000`00000009 00000210`56602000 : ntdll!KiUserExceptionDispatch+0x2e
000000c9`4fffec40 00007fff`5ce592c2     : 00000210`56605f00 00000000`00090000 000000c9`4fffee00 00000000`00000000 : ntdll!RtlRbRemoveNode+0x280
000000c9`4fffec70 00007fff`5ce58eab     : 00000001`00000000 00000000`00000002 00000000`00000000 00007fff`5a72bf74 : ntdll!RtlpHpVsChunkSplit+0x42
000000c9`4fffed00 00007fff`5ce5ae92     : 00000000`00000000 00000000`00000080 00000000`00000080 000000c9`4fffeed8 : ntdll!RtlpHpVsContextAllocateInternal+0x1db
000000c9`4fffed70 00007fff`5ce5c28c     : 000000c9`00000000 00000000`00000080 000000c9`4fffeec0 00000000`00000000 : ntdll!RtlpAllocateHeapInternal+0x472
000000c9`4fffee80 00007fff`5cc39d40     : 00000000`00000080 000000c9`4ffff310 00000000`00000000 00000000`00000103 : ntdll!RtlpHpAllocWithExceptionProtection+0x1c
000000c9`4fffeee0 00007fff`5a5213af     : 000000c9`4ffff3a0 000000c9`4ffff310 00000000`0000000b 000000c9`4ffff200 : msvcrt!malloc+0x70
000000c9`4fffef10 00007fff`5a51209a     : 000000c9`4ffff3a0 000000c9`4ffff520 000000c9`4ffff040 00000210`587f7f20 : wintrust!operator new+0x23
000000c9`4fffef40 00007fff`5a511ee5     : 0000002e`00000000 00007fff`4635ea61 00000017`00000000 00000210`564b5b00 : wintrust!I_VerifyTrust+0x17a
000000c9`4ffff2b0 00007fff`463af156     : 00000210`58cf2b90 00000000`00000001 00000000`00000000 00000000`00000000 : wintrust!WinVerifyTrust+0x45
000000c9`4ffff2f0 00007fff`463aebcb     : 00000000`00000017 00000210`564b5b00 00000210`564b5b00 00000000`00000000 : wininet!WinVerifySecureChannel+0x6a
000000c9`4ffff340 00007fff`463ae4fe     : 00000210`00000000 00000210`58cf45a0 00000000`00cc0010 00000210`58cf2b90 : wininet!CSecureSocket::VerifyTrust+0x23b
000000c9`4ffff490 00007fff`463ae34b     : 00000000`00000000 000000c9`4ffff5a0 00000000`00000000 000000c9`4ffff794 : wininet!CSecureSocket::VerifyServerCert+0x162
000000c9`4ffff4f0 00007fff`463adae1     : 00000210`58cf45a0 00000000`00000000 00000210`564b5b00 00000000`00000000 : wininet!CSecureSocket::QueryAndVerifyServerCert+0x5f
000000c9`4ffff520 00007fff`463ad31f     : 00000210`0000c11c 000000c9`4ffff860 01db6a05`14912980 00000210`564b5470 : wininet!CSecureSocket::NegotiateLoop_Fsm+0x79d
000000c9`4ffff5e0 00007fff`46365bc0     : 00000210`564b5470 000000c9`4ffff860 000000c9`4ffff790 00000000`00000000 : wininet!CFsm_NegotiateLoop::RunSM+0x3f
000000c9`4ffff610 00007fff`46365415     : 00000000`000003e5 00000210`58bf7a40 000000c9`4ffff878 00000000`00000001 : wininet!CFsm::Run+0x1d0
000000c9`4ffff740 00007fff`46361a33     : 00000210`58bf7a40 000000c9`4ffffcd0 00000210`58d658e8 00000210`58bf7a40 : wininet!CFsm::RunWorkItem+0x265
000000c9`4ffff8e0 00007fff`463b512d     : 00000210`58cf2350 00000210`564b37d0 00000000`00000000 00000000`00000000 : wininet!CSocket::ReceiveCompletion+0x93
000000c9`4ffff910 00007fff`5a9fcb20     : 000000c9`4ffffcd0 00000000`00000000 00000000`0000022c 00000000`00000516 : wininet!CWxSocket::IoCompletionCallback+0xcd
000000c9`4ffff980 00007fff`5ce510f9     : 00000210`58d65820 00000000`00000000 00000000`00000000 00000000`00000000 : KERNELBASE!BasepTpIoCallback+0x50
000000c9`4ffff9d0 00007fff`5ce82f86     : 00000210`58d658e8 00000210`00000000 00000210`58cf2358 00000210`56402340 : ntdll!TppIopExecuteCallback+0x129
000000c9`4ffffa50 00007fff`5b707344     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!TppWorkerThread+0x456
000000c9`4ffffd50 00007fff`5ce826b1     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x14
000000c9`4ffffd80 00000000`00000000     : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x21


STACK_COMMAND:  ~7s ; .cxr ; kb

SYMBOL_NAME:  msvcrt!malloc+70

MODULE_NAME: msvcrt

IMAGE_NAME:  msvcrt.dll

FAILURE_BUCKET_ID:  FAIL_FAST_UNEXPECTED_HEAP_EXCEPTION_c0000409_msvcrt.dll!malloc

OS_VERSION:  10.0.19041.1

BUILDLAB_STR:  vb_release

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

IMAGE_VERSION:  7.0.19041.3636

FAILURE_ID_HASH:  {67cf2ecd-04f2-e392-2e6a-9ad449f9ae70}

Followup:     MachineOwner
---------

@dmex
Member

dmex commented Apr 27, 2024

10.0.19041.1

The stack shows a bug in the OS and your version of Windows was last updated 5 years ago?

@MagicAndre1981
Contributor

MagicAndre1981 commented Apr 27, 2024

> your version of Windows was last updated 5 years ago?

No, WinDbg also shows this for me in dmp files from Windows 10 22H2 19045 with the latest patches.
