Skip to content

Crash due to INVALID_POINTER_READ NativeRequestContext.GetRequestInfo #50445

New issue
New issue
Closed
#50446
Closed
Crash due to INVALID_POINTER_READ NativeRequestContext.GetRequestInfo#50445
#50446
Labels
area-networkingIncludes servers, yarp, json patch, bedrock, websockets, http client factory, and http abstractions
@NGloreous

Description

@NGloreous
NGloreous
opened on Aug 31, 2023

Is there an existing issue for this?

  • I have searched the existing issues

Describe the bug

When using the IHttpSysRequestInfoFeature it's possible to hit invalid pointer read errors which causes a process crash. It's also possible to hit other issue (see below). The error occurs when a GC moves to memory of the request's _backingBuffer before trying to access the RequestInfo property of IHttpSysRequestInfoFeature.

The issue is with this line of code. Indexing into the pointer will try to deference it but the pointer first needs to be adjusted using the baseAddress to account for any GC moves.

var requestInfo = nativeRequest->pRequestInfo[i];

Expected Behavior

No exceptions should happen.

Steps To Reproduce

No response

Exceptions (if any)

The bug can surface in a few different ways, depending on exactly how the memory was moved around.

INVALID_POINTER_READ crash

This happens when the memory where pRequestInfo points to in no longer valid for the application to reference.

ArgumentOutOfRangeException

System.ArgumentOutOfRangeException: Specified argument was out of the range of valid values.
   at Microsoft.AspNetCore.HttpSys.Internal.NativeRequestContext.GetRequestInfo(IntPtr baseAddress, HTTP_REQUEST_V2* nativeRequest)
   at Microsoft.AspNetCore.HttpSys.Internal.NativeRequestContext.GetRequestInfo()
   at Microsoft.AspNetCore.Server.HttpSys.Request.get_RequestInfo()
   at Nanorouter.Metering.RequestTimingFeature.GetHttpSysTimestamps()

ArgumentException

System.ArgumentException: An item with the same key has already been added. Key: 0
   at System.Collections.Generic.Dictionary`2.TryInsert(TKey key, TValue value, InsertionBehavior behavior)
   at Microsoft.AspNetCore.HttpSys.Internal.NativeRequestContext.GetRequestInfo(IntPtr baseAddress, HTTP_REQUEST_V2* nativeRequest)
   at Microsoft.AspNetCore.HttpSys.Internal.NativeRequestContext.GetRequestInfo()
   at Microsoft.AspNetCore.Server.HttpSys.Request.get_RequestInfo()
   at Nanorouter.Metering.RequestTimingFeature.GetHttpSysTimestamps()

.NET Version

6.0.21

Anything else?

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    area-networkingIncludes servers, yarp, json patch, bedrock, websockets, http client factory, and http abstractions

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions