Bug 8916 - SIGSEGV for Marshal.ReadXXX
Summary: SIGSEGV for Marshal.ReadXXX
Alias: None
Product: Runtime
Classification: Mono
Component: JIT
Version: unspecified
Hardware: PC Mac OS
Assignee: Bugzilla
Reported: 2012-12-13 11:58 UTC by Marek Safar
Modified: 2012-12-17 09:16 UTC

Description Marek Safar 2012-12-13 11:58:45 UTC
using System;
using System.Runtime.InteropServices;

class C
{
	public static void Main ()
	{
		Marshal.ReadInt32 (IntPtr.Zero); // 4-byte read through a null pointer
	}
}


Unhandled Exception: System.AccessViolationException: Attempted to read or write
 protected memory. This is often an indication that other memory is corrupt.
   at System.Runtime.InteropServices.Marshal.ReadInt32(IntPtr ptr, Int32 ofs)
   at System.Runtime.InteropServices.Marshal.ReadInt32(IntPtr ptr)



  at (wrapper managed-to-native) System.Runtime.InteropServices.Marshal.ReadInt32 (intptr,int) <IL 0x00022, 0xffffffff>
  at System.Runtime.InteropServices.Marshal.ReadInt32 (intptr) [0x00000] in /private/tmp/source/bockbuild/profiles/mono-2-10/build-root/mono-2.10.10/_build/mono-2.10.10.git/mcs/class/corlib/System.Runtime.InteropServices/Marshal.cs:681
  at C.Main () [0x00000] in /Users/marek/Projects/ConsoleTest/ConsoleTest/Main.cs:8
  at (wrapper runtime-invoke) object.runtime_invoke_void (object,intptr,intptr,intptr) <IL 0x0004c, 0xffffffff>

Native stacktrace:

	0   mono                                0x00095a7c mono_handle_native_sigsegv + 284
	1   mono                                0x00004c48 mono_sigsegv_signal_handler + 248
	2   libsystem_c.dylib                   0x993b059b _sigtramp + 43
	3   ???                                 0xffffffff 0x0 + 4294967295
	4   ???                                 0x004b49c2 0x0 + 4934082
	5   ???                                 0x004b3178 0x0 + 4927864
	6   ???                                 0x004b2fe8 0x0 + 4927464
	7   ???                                 0x004b3129 0x0 + 4927785
	8   mono                                0x0000d002 mono_jit_runtime_invoke + 722
	9   mono                                0x001a849a mono_runtime_invoke + 170
	10  mono                                0x001ab011 mono_runtime_exec_main + 705
	11  mono                                0x001aa221 mono_runtime_run_main + 929
	12  mono                                0x0006a795 mono_jit_exec + 149
	13  mono                                0x0006cd29 mono_main + 9609
	14  mono                                0x00001ef9 main + 553
	15  mono                                0x00001c85 start + 53
	16  ???                                 0x00000004 0x0 + 4

Debug info from gdb:

Attaching to process 62016.
Reading symbols for shared libraries . done
Reading symbols for shared libraries .................................... done
0x9b412fd5 in __wait4 ()
  4                         0x9b412a9a in recvfrom$UNIX2003 ()
  3                         0x9b410c5e in semaphore_wait_trap ()
  2                         0x9b410c22 in mach_msg_trap ()
* 1 "com.apple.main-thread" 0x9b412fd5 in __wait4 ()

Thread 4 (process 62016):
#0  0x9b412a9a in recvfrom$UNIX2003 ()
#1  0x9930d4a2 in recv$UNIX2003 ()
#2  0x000ac918 in recv_length [inlined] () at :1002
#3  0x000ac918 in debugger_thread (arg=0x0) at debugger-agent.c:7213
#4  0x0023599e in thread_start_routine (args=0x141192c) at wthreads.c:287
#5  0x0026fd68 in GC_start_routine (arg=0x45ff60) at pthread_support.c:1468
#6  0x99358ed9 in _pthread_start ()
#7  0x9935c6de in thread_start ()

Thread 3 (process 62016):
#0  0x9b410c5e in semaphore_wait_trap ()
#1  0x00244dd2 in mono_sem_wait (sem=0x321954, alertable=1) at mono-semaphore.c:115
#2  0x00124ea2 in finalizer_thread (unused=0x0) at gc.c:1087
#3  0x001eef61 in start_wrapper_internal (data=0x6627e0) at threads.c:784
#4  0x001ef057 in start_wrapper (data=0x6627e0) at threads.c:832
#5  0x0023599e in thread_start_routine (args=0x1411834) at wthreads.c:287
#6  0x0026fd68 in GC_start_routine (arg=0x45ff60) at pthread_support.c:1468
#7  0x99358ed9 in _pthread_start ()
#8  0x9935c6de in thread_start ()

Thread 2 (process 62016):
#0  0x9b410c22 in mach_msg_trap ()
#1  0x9b4101f6 in mach_msg ()
#2  0x000d9e0a in mach_exception_thread (arg=0x0) at mini-darwin.c:129
#3  0x0026fd68 in GC_start_routine (arg=0x45ff60) at pthread_support.c:1468
#4  0x99358ed9 in _pthread_start ()
#5  0x9935c6de in thread_start ()

Thread 1 (process 62016):
#0  0x9b412fd5 in __wait4 ()
#1  0x9930d4ec in waitpid$UNIX2003 ()
#2  0x00095b72 in mono_handle_native_sigsegv (signal=11, ctx=0xbffff564) at mini-exceptions.c:2218
#3  0x00004c48 in mono_sigsegv_signal_handler (_dummy=10, info=0xbffff524, context=0xbffff564) at mini.c:5939
#4  <signal handler called>
#5  0x00169f8e in ves_icall_System_Runtime_InteropServices_Marshal_ReadInt32 (ptr=0x0, offset=0) at marshal.c:10708
#6  0x004b49c2 in ?? ()
#7  0x004b3178 in ?? ()
#8  0x004b2fe8 in ?? ()
#9  0x004b3129 in ?? ()
#10 0x0000d002 in mono_jit_runtime_invoke (method=0x13e341c, obj=0x0, params=0xbffff718, exc=0x0) at mini.c:5813
#11 0x001a849a in mono_runtime_invoke (method=0x13e341c, obj=0x0, params=0xbffff718, exc=0x0) at object.c:2788
#12 0x001ab011 in mono_runtime_exec_main (method=0x13e341c, args=0x466d70, exc=0x0) at object.c:3972
#13 0x001aa221 in mono_runtime_run_main (method=0x13e341c, argc=0, argv=0xbffff970, exc=0x0) at object.c:3594
#14 0x0006a795 in mono_jit_exec (domain=0x463e00, assembly=0x2855970, argc=1, argv=0xbffff96c) at driver.c:944
#15 0x0006cd29 in mono_main (argc=4, argv=0xbffff960) at driver.c:1003
#16 0x00001ef9 in main (argc=4, argv=0xbffff960) at main.c:89

Got a SIGSEGV while executing native code. This usually indicates
a fatal error in the mono runtime or one of the native libraries 
used by your application.

Abort trap: 6
Comment 1 Zoltan Varga 2012-12-16 19:20:38 UTC
Using the Marshal methods is like using unsafe/unmanaged code; there is no safety net. We could in theory check whether the fault occurred inside Marshal.ReadXXX and throw an exception, but it is a lot of work for little gain.
Comment 2 Marek Safar 2012-12-17 02:05:26 UTC
The gain is not little.

For example, when debugging it's enough to hover over a disposed type (we do set the handle to IntPtr.Zero) in MT and the whole debugging session crashes, which is very annoying.
Comment 3 Zoltan Varga 2012-12-17 09:16:57 UTC
If MT tries to read invalid memory, that is a bug in MT. We can special case IntPtr.Zero if needed.
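
Added example (not part of this thread and not Mono's code): a C sketch of the two options discussed above, special-casing a null pointer (Comment 3) and turning a fault taken inside the read itself into an error return instead of a process crash (Comment 1). All names are hypothetical, and POSIX signals and mmap are assumed.

```c
#define _DEFAULT_SOURCE 1
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
/* Hypothetical names; a sketch of the idea, not Mono's marshal.c. Not thread-safe. */
enum { READ_OK = 0, READ_NULL_PTR = -1, READ_FAULT = -2 };
static const int fault_sigs[2] = { SIGSEGV, SIGBUS };
static sigjmp_buf fault_env;
static volatile sig_atomic_t in_guarded_read;

static void on_fault(int sig)
{
    if (in_guarded_read) siglongjmp(fault_env, 1); /* our read faulted: recover */
    signal(sig, SIG_DFL);                          /* any other fault stays fatal */
}

int guarded_read_int32(const void *ptr, int offset, int32_t *out)
{
    struct sigaction sa, old[2];
    int i, status = READ_OK;
    if (ptr == NULL) return READ_NULL_PTR;         /* the IntPtr.Zero special case */
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    for (i = 0; i < 2; i++) sigaction(fault_sigs[i], &sa, &old[i]);
    in_guarded_read = 1;
    if (sigsetjmp(fault_env, 1) == 0)              /* 1: restore signal mask on jump */
        memcpy(out, (const char *)ptr + offset, sizeof *out);
    else
        status = READ_FAULT;                       /* a runtime would throw here */
    in_guarded_read = 0;
    for (i = 0; i < 2; i++) sigaction(fault_sigs[i], &old[i], NULL);
    return status;
}

/* Constructed input: one page that is mapped but not readable. */
void *unreadable_page(void)
{
    void *p = mmap(NULL, 4096, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : p;
}

int main(void)
{
    int32_t v = 0;
    printf("unreadable page -> %d\n", guarded_read_int32(unreadable_page(), 0, &v));
    return 0;
}
```

The null check costs one comparison per call, while the fault-recovery path needs handler state scoped to the read, which is the "lot of work" trade-off raised in Comment 1.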