Vanara: Buffer overflow in GetLogicalProcessorInformationEx

Corrupted values are returned for array index greater than zero (0).

When multiple processor groups are present in a machine, many of the SYSTEM_LOGICAL_PROCESSOR_INFORMATION_EX structures are expected to return more than one (1) array element. The first (index 0) array element is always returned correctly however subsequent elements are corrupted.

When the struct containing variable length arrays is marshalled (aka copied) from native memory to managed memory, only the first element in the array is copied. There is a public property added to expose the memory as an array of elements, however only one element’s memory is copied to managed memory, therefore all elements beyond index 0 shall be buffer overflows.

This affects GROUP_RELATIONSHIP.GroupInfo and PROCESSOR_RELATIONSHIP.GroupMask: https://github.com/dahall/Vanara/blob/4fdaf14a557c782d4b69dbe16658eba790e537b1/PInvoke/Kernel32/SysInfoApi.cs#L2884 https://github.com/dahall/Vanara/blob/4fdaf14a557c782d4b69dbe16658eba790e537b1/PInvoke/Kernel32/SysInfoApi.cs#L3335

About this issue

Original URL
State: closed
Created 4 years ago
Comments: 16 (8 by maintainers)

Commits related to this issue

Changed GetLogicalProcessorInformationEx helper method to return a SafeNativeLinkedList rather than an array so that the memory of linked, nested child arrays is not disposed before use. (#176) — committed to dahall/Vanara by dahall 4 years ago
Finally a working solution for #176. — committed to dahall/Vanara by dahall 4 years ago

Most upvoted comments

Sorry. This was a mess. Coming up with a way to preserve the memory, C-style pointers and ANYSIZE structures in a nice, managed way took some time. However, it now works, consistently and isn’t terribly convoluted. Hopefully you find the same.

unsafe
{
   GetLogicalProcessorInformationEx(LOGICAL_PROCESSOR_RELATIONSHIP.RelationGroup, out var info).ThrowIfFailed();
   using (info)
   {
      for (int i = 0; i < info.Count; i++)
      {
         var pr = info[i];
         switch (pr->Relationship)
         {
            case LOGICAL_PROCESSOR_RELATIONSHIP.RelationNumaNode:
               pr->NumaNode.WriteValues();
               break;
            case LOGICAL_PROCESSOR_RELATIONSHIP.RelationCache:
               pr->Cache.WriteValues();
               break;
            case LOGICAL_PROCESSOR_RELATIONSHIP.RelationProcessorCore:
            case LOGICAL_PROCESSOR_RELATIONSHIP.RelationProcessorPackage:
               pr->Processor.WriteValues();
               break;
            case LOGICAL_PROCESSOR_RELATIONSHIP.RelationGroup:
               pr->Group.WriteValues();
               break;
            default:
               break;
         }
      }
   }
}

dahall on Nov 12, 2020