
[perl #118127] Perl crash when run under AppVerifier

From:
bulk88 via RT
Date:
October 3, 2013 20:08
Subject:
[perl #118127] Perl crash when run under AppVerifier
Message ID:
rt-3.6.HEAD-31239-1380830905-1997.118127-15-0@perl.org
I think I found another report
(http://www.tek-tips.com/viewthread.cfm?qid=1231893) of the bug in this
ticket, the bug being the mswsock!SockImportHandle calling
vfbasics!AVrfpNtDeviceIoControlFile with a bad OS handle.

On Server 2003 (not the NT 6 the OP is using), I tried a
"closesocket(2);", 2 being a garbage handle. If
WahReferenceContextByHandle in DSOCKET::GetCountedDSocketFromSocket
returns 0, a tail call is made to DSOCKET::FindIFSSocket from
DSOCKET::GetCountedDSocketFromSocket. WahReferenceContextByHandle turns
OS socket handles into user-mode memory blocks/opaque pointers from the
Winsock service provider. DSOCKET::FindIFSSocket starts doing syscalls
on the bogus handle. NtQueryObject correctly returns
0xC0000008/STATUS_INVALID_HANDLE for the bogus handle "2". I've never used
AppVerifier, but since Winsock will ALWAYS do syscalls on bogus handles
that never were socket handles in the history of the process,
AppVerifier will probably complain. The particular syscall/kernel call
from Winsock that generates the invalid handle exception is very likely
to change with each Windows OS, but it shows that there are detectable
side effects from doing a closesocket on a bogus or disk OS handle.

>  ntdll.dll!_NtQueryObject@20()  + 0x7 bytes
   kernel32.dll!_GetHandleInformation@8()  + 0x5f bytes
   ws2_32.dll!DSOCKET::FindIFSSocket()  + 0x1c bytes
   ws2_32.dll!_closesocket@4()  + 0x2f bytes
   API.dll!@Call_asm@16()  Line 100  Asm
   API.dll!XS_Win32__API_ImportCall(interpreter * my_perl=0x01d49840, cv * cv=0x00000004)  Line 559  C
   perl519.dll!Perl_pp_entersub(interpreter * my_perl=0x00000000)  Line 2764  C
   perl519.dll!Perl_runops_standard(interpreter * my_perl=0x01b64e74)  Line 42 + 0x4 bytes  C
   perl519.dll!S_run_body(interpreter * my_perl=0x00000000, long oldscope=1)  Line 2500 + 0xa bytes  C
   perl519.dll!perl_run(interpreter * my_perl=0x01b64e74)  Line 2416 + 0x8 bytes  C
   perl519.dll!RunPerl(int argc=5, char * * argv=0x01b64d68, char * * env=0x01b63800)  Line 270 + 0x6 bytes  C++
   perl.exe!main(int argc=5, char * * argv=0x01b64d68, char * * env=0x01b63800)  Line 23 + 0x12 bytes  C
   perl.exe!__tmainCRTStartup()  Line 582 + 0x17 bytes  C
   kernel32.dll!_BaseProcessStart@4()  + 0x28 bytes

---
via perlbug:  queue: perl5 status: open
https://rt.perl.org:443/rt3/Ticket/Display.html?id=118127
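The post above observes that closesocket() on a handle that was never a socket (or is a disk handle) still reaches kernel calls inside Winsock, which is what AppVerifier flags. The following is an added example, not code from the ticket, from perl or from Win32::API: a small defensive wrapper that queries SO_TYPE on the handle first and refuses to pass anything that is not a live socket to closesocket()/close(). The wrapper is portable so it can be exercised on POSIX as well as Windows; the helper names (is_socket_handle, safe_close_socket, probe_close_error) are my own, and the handle values it probes (a freshly opened NUL//dev/null descriptor as the "disk handle", 99999 as the "never opened" handle) are constructed for the demonstration.

```c
/* Added example: validate a handle before handing it to closesocket()/close().
 * Not part of the ticket, perl or Win32::API; names and sample handles are
 * constructed for illustration. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>

#ifdef _WIN32
#include <winsock2.h>
#include <io.h>
typedef SOCKET sock_t;
typedef int optlen_t;
#define SOCK_CLOSE(s)  closesocket(s)
#define SOCK_ERRNO()   WSAGetLastError()
#define OPEN_DISK()    _open("NUL", _O_RDONLY)
#define DISK_CLOSE(fd) _close(fd)
#else
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>
typedef int sock_t;
typedef socklen_t optlen_t;
#define SOCK_CLOSE(s)  close(s)
#define SOCK_ERRNO()   errno
#define OPEN_DISK()    open("/dev/null", O_RDONLY)
#define DISK_CLOSE(fd) close(fd)
#endif

/* Returns 1 if s is a live socket, 0 otherwise; *err receives the
 * platform error (WSAENOTSOCK on Windows, ENOTSOCK/EBADF on POSIX). */
int is_socket_handle(sock_t s, int *err)
{
    int type = 0;
    optlen_t len = sizeof type;
    if (getsockopt(s, SOL_SOCKET, SO_TYPE, (char *)&type, &len) != 0) {
        if (err) *err = SOCK_ERRNO();
        return 0;
    }
    if (err) *err = 0;
    return 1;
}

/* Closes s only if it really is a socket. Returns 0 on success,
 * -1 with *err set otherwise. Never calls closesocket() on a bogus handle. */
int safe_close_socket(sock_t s, int *err)
{
    if (!is_socket_handle(s, err))
        return -1;
    if (SOCK_CLOSE(s) != 0) {
        if (err) *err = SOCK_ERRNO();
        return -1;
    }
    if (err) *err = 0;
    return 0;
}

/* Convenience: the error code safe_close_socket() reports for handle s
 * (0 means the handle was a socket and was closed). */
int probe_close_error(sock_t s)
{
    int err = 0;
    safe_close_socket(s, &err);
    return err;
}

/* Demo: a real socket closes cleanly; a disk handle and a never-opened
 * handle are both rejected before any close call is made. Returns 1 on
 * success. */
int demo_bogus_handles_are_rejected(void)
{
#ifdef _WIN32
    WSADATA wsa;
    if (WSAStartup(MAKEWORD(2, 2), &wsa) != 0)
        return 0;
#endif
    sock_t s = socket(AF_INET, SOCK_STREAM, 0);
    int real_ok = (probe_close_error(s) == 0);

    int disk = OPEN_DISK();                      /* constructed "disk" handle */
    int disk_rejected = (probe_close_error((sock_t)disk) != 0);
    DISK_CLOSE(disk);

    int bogus_rejected = (probe_close_error((sock_t)99999) != 0); /* never opened */
#ifdef _WIN32
    WSACleanup();
#endif
    return real_ok && disk_rejected && bogus_rejected;
}

int main(void)
{
    printf("bogus handles rejected: %s\n",
           demo_bogus_handles_are_rejected() ? "yes" : "no");
    return 0;
}
```

The check costs one getsockopt() call, which Winsock resolves through its own handle table rather than through the kernel object the ticket's stack shows, so a wrapper like this in an XS or FFI layer stops garbage handle values from ever reaching the NtQueryObject path that AppVerifier trips on.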
