Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Crash due to INVALID_POINTER_READ NativeRequestContext.GetRequestInfo #50445

Closed
1 task done
NGloreous opened this issue Aug 31, 2023 · 0 comments · Fixed by #50446
Closed
1 task done

Crash due to INVALID_POINTER_READ NativeRequestContext.GetRequestInfo #50445

NGloreous opened this issue Aug 31, 2023 · 0 comments · Fixed by #50446
Labels
area-networking Includes servers, yarp, json patch, bedrock, websockets, http client factory, and http abstractions

Comments

@NGloreous
Copy link
Contributor

Is there an existing issue for this?

  • I have searched the existing issues

Describe the bug

When using the IHttpSysRequestInfoFeature it's possible to hit invalid pointer read errors which causes a process crash. It's also possible to hit other issue (see below). The error occurs when a GC moves to memory of the request's _backingBuffer before trying to access the RequestInfo property of IHttpSysRequestInfoFeature.

The issue is with this line of code. Indexing into the pointer will try to deference it but the pointer first needs to be adjusted using the baseAddress to account for any GC moves.

var requestInfo = nativeRequest->pRequestInfo[i];

Expected Behavior

No exceptions should happen.

Steps To Reproduce

No response

Exceptions (if any)

The bug can surface in a few different ways, depending on exactly how the memory was moved around.

INVALID_POINTER_READ crash

This happens when the memory where pRequestInfo points to in no longer valid for the application to reference.

ArgumentOutOfRangeException

System.ArgumentOutOfRangeException: Specified argument was out of the range of valid values.
   at Microsoft.AspNetCore.HttpSys.Internal.NativeRequestContext.GetRequestInfo(IntPtr baseAddress, HTTP_REQUEST_V2* nativeRequest)
   at Microsoft.AspNetCore.HttpSys.Internal.NativeRequestContext.GetRequestInfo()
   at Microsoft.AspNetCore.Server.HttpSys.Request.get_RequestInfo()
   at Nanorouter.Metering.RequestTimingFeature.GetHttpSysTimestamps()

ArgumentException

System.ArgumentException: An item with the same key has already been added. Key: 0
   at System.Collections.Generic.Dictionary`2.TryInsert(TKey key, TValue value, InsertionBehavior behavior)
   at Microsoft.AspNetCore.HttpSys.Internal.NativeRequestContext.GetRequestInfo(IntPtr baseAddress, HTTP_REQUEST_V2* nativeRequest)
   at Microsoft.AspNetCore.HttpSys.Internal.NativeRequestContext.GetRequestInfo()
   at Microsoft.AspNetCore.Server.HttpSys.Request.get_RequestInfo()
   at Nanorouter.Metering.RequestTimingFeature.GetHttpSysTimestamps()

.NET Version

6.0.21

Anything else?

No response
@dotnet-issue-labeler dotnet-issue-labeler bot added the area-networking Includes servers, yarp, json patch, bedrock, websockets, http client factory, and http abstractions label Aug 31, 2023
This was referenced Aug 31, 2023
Merged
Merged
Merged
@Tratcher Tratcher mentioned this issue Aug 31, 2023
Merged
15 tasks
@ghost ghost locked as resolved and limited conversation to collaborators Sep 30, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
area-networking Includes servers, yarp, json patch, bedrock, websockets, http client factory, and http abstractions
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix pRequestInfo INVALID_POINTER_READ caused by GCs NGloreous/aspnetcore
1 participant
@NGloreous