Buffer overflow in GetLogicalProcessorInformationEx
Corrupted values are returned for array index greater than zero (0).
When multiple processor groups are present in a machine, many of the SYSTEM_LOGICAL_PROCESSOR_INFORMATION_EX structures are expected to return more than one (1) array element. The first (index 0) array element is always returned correctly; however, subsequent elements are corrupted.
When the struct containing variable length arrays is marshalled (aka copied) from native memory to managed memory, only the first element in the array is copied. There is a public property added to expose the memory as an array of elements, however only one element’s memory is copied to managed memory, therefore all elements beyond index 0 shall be buffer overflows.
This affects GROUP_RELATIONSHIP.GroupInfo and PROCESSOR_RELATIONSHIP.GroupMask:
https://github.com/dahall/Vanara/blob/4fdaf14a557c782d4b69dbe16658eba790e537b1/PInvoke/Kernel32/SysInfoApi.cs#L2884
https://github.com/dahall/Vanara/blob/4fdaf14a557c782d4b69dbe16658eba790e537b1/PInvoke/Kernel32/SysInfoApi.cs#L3335
Issue Analytics
- Created 3 years ago
- Comments:16 (8 by maintainers)
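The failure mode described in the issue, reproduced on a constructed buffer, together with a bounded read of every element directly from native memory. This is an added example, not Vanara's code or its actual fix; `Header`, `Element` and `ReadAll` are hypothetical, simplified stand-ins for a struct that ends in an ANYSIZE_ARRAY member.

```csharp
using System;
using System.Runtime.InteropServices;

// Hypothetical element type (assumption), standing in for an array entry.
[StructLayout(LayoutKind.Sequential)]
struct Element { public byte Max; public byte Active; public ulong Mask; }

// Hypothetical header (assumption). Native side: Element Items[ANYSIZE_ARRAY].
[StructLayout(LayoutKind.Sequential)]
struct Header
{
    public ushort MaximumCount;
    public ushort ActiveCount;   // number of elements present in native memory
    public Element First;        // the managed copy only ever holds this one
}

static class Demo
{
    // Reads every element from the native buffer instead of the managed copy,
    // after checking the native-supplied count against the buffer length.
    static Element[] ReadAll(IntPtr p, int bufferSize)
    {
        var hdr = Marshal.PtrToStructure<Header>(p);   // copies sizeof(Header) only
        int first = (int)Marshal.OffsetOf<Header>(nameof(Header.First));
        int stride = Marshal.SizeOf<Element>();
        if (first + hdr.ActiveCount * stride > bufferSize)
            throw new InvalidOperationException("element count exceeds native buffer");
        var items = new Element[hdr.ActiveCount];
        for (int i = 0; i < items.Length; i++)
            items[i] = Marshal.PtrToStructure<Element>(p + first + i * stride);
        return items;
    }

    static void Main()
    {
        const int count = 3;     // constructed sample: header plus three elements
        int first = (int)Marshal.OffsetOf<Header>(nameof(Header.First));
        int stride = Marshal.SizeOf<Element>();
        int size = first + count * stride;
        IntPtr p = Marshal.AllocHGlobal(size);
        try
        {
            Marshal.WriteInt16(p, 0, (short)count);
            Marshal.WriteInt16(p, 2, (short)count);
            for (int i = 0; i < count; i++)
                Marshal.StructureToPtr(new Element { Max = 64, Active = (byte)(i + 1), Mask = 1UL << i }, p + first + i * stride, false);
            // The managed struct is a copy of the first sizeof(Header) bytes, nothing more.
            Console.WriteLine($"managed copy holds {Marshal.SizeOf<Header>()} of {size} bytes");
            foreach (var e in ReadAll(p, size))
                Console.WriteLine($"Active={e.Active} Mask=0x{e.Mask:X}");
        }
        finally { Marshal.FreeHGlobal(p); }
    }
}
```

Any accessor that indexes past `First` on the managed copy reads memory outside the struct, which is why elements after index 0 come back corrupted.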
Top GitHub Comments
Sorry. This was a mess. Coming up with a way to preserve the memory, C-style pointers and ANYSIZE structures in a nice, managed way took some time. However, it now works, consistently and isn’t terribly convoluted. Hopefully you find the same.
Thanks. Working like a charm.