算术操作导致不安全C#的溢出
-
24-10-2019 - |
题
背景
我们一直在使用Joe Duffy的“ Windows上的并发编程”(第149页)中使用一些代码,生产了一年多了。如果有足够的堆栈空间,则在我们的ASP.NET Web应用程序中使用代码(下)。我们的网站允许用户以简单的专用脚本语言脚本脚本脚本脚本脚本控制逻辑 - 用户有可能脚本脚本脚本讨厌并导致stackoverflow异常,因此我们使用Duffy的代码示例在之前停止执行错误的脚本,然后再停止执行错误的脚本。无捕的stackoverflow异常删除了整个IIS AppPool。这真的很好。
问题
今天下午突然,我们的日志充满了系统。OverFlowException错误。我们在该服务器的每个请求中都有相同的例外。 Swift IIS重置解决了问题。
异常类型:System.OverFlowException
异常消息:算术操作导致溢出。
堆栈跟踪:在system.intptr..ctor(int64值)上的liquidhtmlflowmanager.stackmanage.stackmanagement.checkforsuffitifeStack(uint64 bytes)c: svn svn liquidhtml trunk liquidhtmlflowmlflowmanager stackmanager stackmanager stackmanage.c:liquidhtml trunk stackManager stackmanage.c:liquestml
编码:
public static class StackManagement
{
[StructLayout(LayoutKind.Sequential)]
struct MEMORY_BASIC_INFORMATION
{
public uint BaseAddress;
public uint AllocationBase;
public uint AllocationProtect;
public uint RegionSize;
public uint State;
public uint Protect;
public uint Type;
};
//We are conservative here. We assume that the platform needs a
//whole 16 pages to respond to stack overflow (using an X86/X64
//page-size, not IA64). That's 64KB, which means that for very
//small stacks (e.g. 128kb) we'll fail a lot of stack checks (say in asp.net)
//incorrectly.
private const long STACK_RESERVED_SPACE = 4096 * 16;
/// <summary>
/// Checks to see if there is at least "bytes" bytes free on the stack.
/// </summary>
/// <param name="bytes">Number of Free bytes in stack we need.</param>
/// <returns>If true then there is suffient space.</returns>
public unsafe static bool CheckForSufficientStack(ulong bytes)
{
MEMORY_BASIC_INFORMATION stackInfo = new MEMORY_BASIC_INFORMATION();
//We subtract one page for our request. VirtualQuery rounds up
//to the next page. But the stack grows down. If we're on the
//first page (last page in the VirtualAlloc), we'll be moved to
//the next page which is off the stack! Note this doesn't work
//right for IA64 due to bigger pages.
IntPtr currentAddr = new IntPtr((uint)&stackInfo - 4096);
//Query for the current stack allocation information.
VirtualQuery(currentAddr, ref stackInfo, sizeof(MEMORY_BASIC_INFORMATION));
//If the current address minus the base (remember: the stack
//grows downward in the address space) is greater than the
//number of bytes requested plus the unreserved space at the end,
//the request has succeeded.
System.Diagnostics.Debug.WriteLine(String.Format("CurrentAddr = {0}, stackInfo.AllocationBase = {1}. Space left = {2} bytes.", (uint)currentAddr.ToInt64(),
stackInfo.AllocationBase,
((uint)currentAddr.ToInt64() - stackInfo.AllocationBase)));
return ((uint)currentAddr.ToInt64() - stackInfo.AllocationBase) > (bytes + STACK_RESERVED_SPACE);
}
[DllImport("kernel32.dll")]
private static extern int VirtualQuery(IntPtr lpAddress, ref MEMORY_BASIC_INFORMATION lpBuffer, int dwLength);
}
注意:第47行是这一条
IntPtr currentAddr = new IntPtr((uint)&stackInfo - 4096);
问题:
代码的哪一部分溢出,它是从指针到UINT,“ -4096”操作的铸件,还是铸件到INT64?
有什么想法如何使它更强大?
更多信息:
操作系统是64位Windows Server 2008,运行IIS7具有Intel Zeon(X86)CPU。
传递给CheckForsfitificStack函数的参数是:
private const Int32 _minimumStackSpaceLimit = 48 * 1024;
编辑:感谢您的答案。我已经更新了代码以删除铸件并使用指针大小的变量,以便它在32位和64位中起作用。这里应该有人想要它:
public static class StackManagement
{
[StructLayout(LayoutKind.Sequential)]
struct MEMORY_BASIC_INFORMATION
{
public UIntPtr BaseAddress;
public UIntPtr AllocationBase;
public uint AllocationProtect;
public UIntPtr RegionSize;
public uint State;
public uint Protect;
public uint Type;
};
private const long STACK_RESERVED_SPACE = 4096 * 16;
public unsafe static bool CheckForSufficientStack(UInt64 bytes)
{
MEMORY_BASIC_INFORMATION stackInfo = new MEMORY_BASIC_INFORMATION();
UIntPtr currentAddr = new UIntPtr(&stackInfo);
VirtualQuery(currentAddr, ref stackInfo, sizeof(MEMORY_BASIC_INFORMATION));
UInt64 stackBytesLeft = currentAddr.ToUInt64() - stackInfo.AllocationBase.ToUInt64();
System.Diagnostics.Debug.WriteLine(String.Format("CurrentAddr = {0}, stackInfo.AllocationBase = {1}. Space left = {2} bytes.",
currentAddr,
stackInfo.AllocationBase,
stackBytesLeft));
return stackBytesLeft > (bytes + STACK_RESERVED_SPACE);
}
[DllImport("kernel32.dll")]
private static extern int VirtualQuery(UIntPtr lpAddress, ref MEMORY_BASIC_INFORMATION lpBuffer, int dwLength);
}
解决方案
演员是错的。 Stackinfo的地址是64位值。如果不冒险溢出,您不能将其投入到UINT上。减去4096也没有意义,VirtualQuery()无论如何都会找到基本地址。使固定:
IntPtr currentAddr = new IntPtr(&stackInfo);
达菲的代码只能适用于32位代码。