Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Buffer overflow in GetLogicalProcessorInformationEx

See original GitHub issue

Corrupted values are returned for array index greater than zero (0).

When multiple processor groups are present in a machine, many of the SYSTEM_LOGICAL_PROCESSOR_INFORMATION_EX structures are expected to return more than one (1) array element. The first (index 0) array element is always returned correctly however subsequent elements are corrupted.

When the struct containing variable length arrays is marshalled (aka copied) from native memory to managed memory, only the first element in the array is copied. There is a public property added to expose the memory as an array of elements, however only one element’s memory is copied to managed memory, therefore all elements beyond index 0 shall be buffer overflows.

This affects GROUP_RELATIONSHIP.GroupInfo and PROCESSOR_RELATIONSHIP.GroupMask: https://github.com/dahall/Vanara/blob/4fdaf14a557c782d4b69dbe16658eba790e537b1/PInvoke/Kernel32/SysInfoApi.cs#L2884 https://github.com/dahall/Vanara/blob/4fdaf14a557c782d4b69dbe16658eba790e537b1/PInvoke/Kernel32/SysInfoApi.cs#L3335

Issue Analytics

State:
Created 3 years ago
Comments:16 (8 by maintainers)

Top GitHub Comments

1reaction

dahallcommented, Nov 12, 2020

Sorry. This was a mess. Coming up with a way to preserve the memory, C-style pointers and ANYSIZE structures in a nice, managed way took some time. However, it now works, consistently and isn’t terribly convoluted. Hopefully you find the same.

unsafe
{
   GetLogicalProcessorInformationEx(LOGICAL_PROCESSOR_RELATIONSHIP.RelationGroup, out var info).ThrowIfFailed();
   using (info)
   {
      for (int i = 0; i < info.Count; i++)
      {
         var pr = info[i];
         switch (pr->Relationship)
         {
            case LOGICAL_PROCESSOR_RELATIONSHIP.RelationNumaNode:
               pr->NumaNode.WriteValues();
               break;
            case LOGICAL_PROCESSOR_RELATIONSHIP.RelationCache:
               pr->Cache.WriteValues();
               break;
            case LOGICAL_PROCESSOR_RELATIONSHIP.RelationProcessorCore:
            case LOGICAL_PROCESSOR_RELATIONSHIP.RelationProcessorPackage:
               pr->Processor.WriteValues();
               break;
            case LOGICAL_PROCESSOR_RELATIONSHIP.RelationGroup:
               pr->Group.WriteValues();
               break;
            default:
               break;
         }
      }
   }
}

0reactions

CraigNcommented, Nov 12, 2020

Thanks. Working like a charm.