
BinSkim crashes (AccessViolationException) loading Xamarin.Mac.pdb #881

Open
spadapet opened this issue May 2, 2023 · 4 comments

Comments

@spadapet
Member

spadapet commented May 2, 2023

When I run BinSkim v1.9.5 against a specific file (Xamarin.Mac.dll + pdb), BinSkim crashes with an access violation.
I attached the DLL + PDB to this ADO task in a ZIP file:

Here's the command I used:

  • "...\microsoft.codeanalysis.binskim.1.9.5\tools\netcoreapp3.1\win-x64\BinSkim.exe" analyze --config default --recurse --sarif-output-version OneZeroZero --output binskim.sarif @toolinput

Where the "toolinput" file just contains the path to Xamarin.Mac.dll

The result is:

Analyzing...
Fatal error. System.AccessViolationException: Attempted to read or write protected memory. This is often an indication that other memory is corrupt.
   at Dia2Lib.IDiaDataSource.loadDataForExe(System.String, System.String, System.Object)
   at Dia2Lib.IDiaDataSource.loadDataForExe(System.String, System.String, System.Object)
   at Microsoft.CodeAnalysis.BinaryParsers.ProgramDatabase.Pdb.WindowsNativeLoadPdbFromPEUsingDia(System.String, System.String, System.String)
   at Microsoft.CodeAnalysis.BinaryParsers.ProgramDatabase.Pdb.Init(System.String, System.String, System.String)
   at Microsoft.CodeAnalysis.BinaryParsers.ProgramDatabase.Pdb..ctor(System.String, System.String, System.String, Boolean)
   at Microsoft.CodeAnalysis.BinaryParsers.PEBinary.TryLoadPdb(System.String, System.String, System.String, System.String, Boolean, Microsoft.CodeAnalysis.BinaryParsers.ProgramDatabase.Pdb ByRef)
   at Microsoft.CodeAnalysis.BinaryParsers.PEBinary.LoadPdb()
   at System.Lazy`1[[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]].ViaFactory(System.Threading.LazyThreadSafetyMode)
   at System.Lazy`1[[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]].ExecutionAndPublication(System.LazyHelper, Boolean)
   at System.Lazy`1[[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]].CreateValue()
   at System.Lazy`1[[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]].get_Value()
   at Microsoft.CodeAnalysis.BinaryParsers.PEBinary.get_Pdb()
   at Microsoft.CodeAnalysis.IL.Rules.WindowsBinaryAndPdbSkimmerBase.Analyze(Microsoft.CodeAnalysis.IL.Sdk.BinaryAnalyzerContext)
   at Microsoft.CodeAnalysis.Sarif.Driver.MultithreadedAnalyzeCommandBase`2[[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e],[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]].AnalyzeTargetHelper(System.__Canon, System.Collections.Generic.IEnumerable`1<Microsoft.CodeAnalysis.Sarif.Driver.Skimmer`1<System.__Canon>>, System.Collections.Generic.ISet`1<System.String>)
   at Microsoft.CodeAnalysis.Sarif.Driver.MultithreadedAnalyzeCommandBase`2[[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e],[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]].AnalyzeTarget(System.__Canon, System.Collections.Generic.IEnumerable`1<Microsoft.CodeAnalysis.Sarif.Driver.Skimmer`1<System.__Canon>>, System.Collections.Generic.ISet`1<System.String>)
   at Microsoft.CodeAnalysis.Sarif.Driver.MultithreadedAnalyzeCommandBase`2[[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e],[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]].DetermineApplicabilityAndAnalyze(System.__Canon, System.Collections.Generic.IEnumerable`1<Microsoft.CodeAnalysis.Sarif.Driver.Skimmer`1<System.__Canon>>, System.Collections.Generic.ISet`1<System.String>)
   at Microsoft.CodeAnalysis.Sarif.Driver.MultithreadedAnalyzeCommandBase`2+<AnalyzeTargetAsync>d__40[[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e],[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]].MoveNext()
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1+AsyncStateMachineBox`1[[System.Boolean, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e],[Microsoft.CodeAnalysis.Sarif.Driver.MultithreadedAnalyzeCommandBase`2+<AnalyzeTargetAsync>d__40[[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e],[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]], Sarif.Driver, Version=2.4.15.0, Culture=neutral, PublicKeyToken=21a5e83f6f5bb844]].ExecutionContextCallback(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1+AsyncStateMachineBox`1[[System.Boolean, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e],[Microsoft.CodeAnalysis.Sarif.Driver.MultithreadedAnalyzeCommandBase`2+<AnalyzeTargetAsync>d__40[[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e],[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]], Sarif.Driver, Version=2.4.15.0, Culture=neutral, PublicKeyToken=21a5e83f6f5bb844]].MoveNext(System.Threading.Thread)
   at System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1+AsyncStateMachineBox`1[[System.Boolean, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e],[Microsoft.CodeAnalysis.Sarif.Driver.MultithreadedAnalyzeCommandBase`2+<AnalyzeTargetAsync>d__40[[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e],[System.__Canon, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]], Sarif.Driver, Version=2.4.15.0, Culture=neutral, PublicKeyToken=21a5e83f6f5bb844]].MoveNext()
   at System.Threading.ThreadPoolGlobals+<>c.<.cctor>b__5_0(System.Object)
   at System.Threading.Channels.AsyncOperation`1[[System.Boolean, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]].SetCompletionAndInvokeContinuation()
   at System.Threading.Channels.AsyncOperation`1[[System.Boolean, System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]].System.Threading.IThreadPoolWorkItem.Execute()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
@spadapet
Member Author

spadapet commented May 2, 2023

Here's the actual callstack; it looks like msdia140.dll has the problem with this specific PDB file:

msdia140.dll!PortablePDB::CollectLineColumnInfo() Line 1185
msdia140.dll!PortablePDB::ConvertPortablePDB(PDB * * pppdb, const char * szMode, long & ec) Line 1621
msdia140.dll!PDB1::OpenPortablePDB(const wchar_t * wszPDB, IStream * pStream, const char * szMode, PDB * * pppdb, long & ec) Line 743
msdia140.dll!PDB1::OpenEx2W(const wchar_t * wszPDB, const char * szMode, unsigned long sigInitial, long cbPage, long * pec, wchar_t * wszError, unsigned __int64 cchErrMax, PDB * * pppdb) Line 712
msdia140.dll!PDB1::OpenValidate4(const wchar_t * wszPDB, const char * szMode, const _GUID * pcsig70, unsigned long sig, unsigned long age, long * pec, wchar_t * wszError, unsigned __int64 cchErrMax, PDB * * pppdb) Line 922
msdia140.dll!LOCATOR::FOpenValidate4(const wchar_t * wszPdb) Line 1591
[Inline Frame] msdia140.dll!LOCATOR::FLocatePdbDefault(const wchar_t *) Line 1477
msdia140.dll!LOCATOR::FLocatePdb(const wchar_t * wszSearchPath) Line 619
[Inline Frame] msdia140.dll!PDBCommon::OpenValidateCore(const wchar_t *) Line 235
msdia140.dll!PDBCommon::OpenValidate7(const wchar_t * wszExecutable, const wchar_t * wszSearchPath, const char * szMode, int fSearchBinDirOnly, void * pvClient, int(*)()(*)(void *, POVC) pfnQueryCallback, long * pec, wchar_t * wszError, unsigned __int64 cchErrMax, PDB * * pppdb) Line 299
msdia140.dll!CDiaDataSource::loadDataForExeHelper(const wchar_t * wszExecutable, const wchar_t * wszSearchPath, IUnknown * pCallback, const char * szMode, int fSearchBinDirOnly) Line 385
msdia140.dll!CDiaDataSource::loadDataForExe(const wchar_t * wszExecutable, const wchar_t * wszSearchPath, IUnknown * pCallback) Line 419
[Managed to Native Transition]	
BinaryParsers.dll!Microsoft.CodeAnalysis.BinaryParsers.ProgramDatabase.Pdb.WindowsNativeLoadPdbFromPEUsingDia(string peOrPdbPath, string symbolPath, string localSymbolDirectories) Line 495
BinaryParsers.dll!Microsoft.CodeAnalysis.BinaryParsers.ProgramDatabase.Pdb.Init(string pePath, string symbolPath, string localSymbolDirectories) Line 419
BinaryParsers.dll!Microsoft.CodeAnalysis.BinaryParsers.ProgramDatabase.Pdb.Pdb(string pePath, string symbolPath, string localSymbolDirectories, bool traceLoads) Line 54
BinaryParsers.dll!Microsoft.CodeAnalysis.BinaryParsers.PEBinary.TryLoadPdb(string peOrPdbPath, string extension, string symbolPath, string localSymbolDirectories, bool tracePdbLoad, out Microsoft.CodeAnalysis.BinaryParsers.ProgramDatabase.Pdb pdb) Line 232
BinaryParsers.dll!Microsoft.CodeAnalysis.BinaryParsers.PEBinary.LoadPdb() Line 140
System.Private.CoreLib.dll!System.Lazy<Microsoft.CodeAnalysis.BinaryParsers.ProgramDatabase.Pdb>.ViaFactory(System.Threading.LazyThreadSafetyMode mode)
System.Private.CoreLib.dll!System.Lazy<System.__Canon>.ExecutionAndPublication(System.LazyHelper executionAndPublication, bool useDefaultConstructor)
System.Private.CoreLib.dll!System.Lazy<Microsoft.CodeAnalysis.BinaryParsers.ProgramDatabase.Pdb>.CreateValue()
System.Private.CoreLib.dll!System.Lazy<System.__Canon>.Value.get()
BinaryParsers.dll!Microsoft.CodeAnalysis.BinaryParsers.PEBinary.Pdb.get() Line 83
BinSkim.Rules.dll!Microsoft.CodeAnalysis.IL.Rules.WindowsBinaryAndPdbSkimmerBase.Analyze(Microsoft.CodeAnalysis.IL.Sdk.BinaryAnalyzerContext context) Line 39
Sarif.Driver.dll!Microsoft.CodeAnalysis.Sarif.Driver.MultithreadedAnalyzeCommandBase<Microsoft.CodeAnalysis.IL.Sdk.BinaryAnalyzerContext, Microsoft.CodeAnalysis.IL.AnalyzeOptions>.AnalyzeTargetHelper(Microsoft.CodeAnalysis.IL.Sdk.BinaryAnalyzerContext context, System.Collections.Generic.IEnumerable<Microsoft.CodeAnalysis.Sarif.Driver.Skimmer<Microsoft.CodeAnalysis.IL.Sdk.BinaryAnalyzerContext>> skimmers, System.Collections.Generic.ISet<string> disabledSkimmers) Line 1074
Sarif.Driver.dll!Microsoft.CodeAnalysis.Sarif.Driver.MultithreadedAnalyzeCommandBase<Microsoft.CodeAnalysis.IL.Sdk.BinaryAnalyzerContext, Microsoft.CodeAnalysis.IL.AnalyzeOptions>.AnalyzeTarget(Microsoft.CodeAnalysis.IL.Sdk.BinaryAnalyzerContext context, System.Collections.Generic.IEnumerable<Microsoft.CodeAnalysis.Sarif.Driver.Skimmer<Microsoft.CodeAnalysis.IL.Sdk.BinaryAnalyzerContext>> skimmers, System.Collections.Generic.ISet<string> disabledSkimmers) Line 1051
Sarif.Driver.dll!Microsoft.CodeAnalysis.Sarif.Driver.MultithreadedAnalyzeCommandBase<Microsoft.CodeAnalysis.IL.Sdk.BinaryAnalyzerContext, Microsoft.CodeAnalysis.IL.AnalyzeOptions>.DetermineApplicabilityAndAnalyze(Microsoft.CodeAnalysis.IL.Sdk.BinaryAnalyzerContext context, System.Collections.Generic.IEnumerable<Microsoft.CodeAnalysis.Sarif.Driver.Skimmer<Microsoft.CodeAnalysis.IL.Sdk.BinaryAnalyzerContext>> skimmers, System.Collections.Generic.ISet<string> disabledSkimmers) Line 989
Sarif.Driver.dll!Microsoft.CodeAnalysis.Sarif.Driver.MultithreadedAnalyzeCommandBase<Microsoft.CodeAnalysis.IL.Sdk.BinaryAnalyzerContext, Microsoft.CodeAnalysis.IL.AnalyzeOptions>.ScanTargetsAsync(System.Collections.Generic.IEnumerable<Microsoft.CodeAnalysis.Sarif.Driver.Skimmer<Microsoft.CodeAnalysis.IL.Sdk.BinaryAnalyzerContext>> skimmers, System.Collections.Generic.ISet<string> disabledSkimmers) Line 612
[Resuming Async Method]	
System.Private.CoreLib.dll!System.Runtime.CompilerServices.AsyncTaskMethodBuilder<bool>.AsyncStateMachineBox<Microsoft.CodeAnalysis.Sarif.Driver.MultithreadedAnalyzeCommandBase<Microsoft.CodeAnalysis.IL.Sdk.BinaryAnalyzerContext, Microsoft.CodeAnalysis.IL.AnalyzeOptions>.<ScanTargetsAsync>d__45>.ExecutionContextCallback(object s)
System.Private.CoreLib.dll!System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext executionContext, System.Threading.ContextCallback callback, object state)
System.Private.CoreLib.dll!System.Runtime.CompilerServices.AsyncTaskMethodBuilder<bool>.AsyncStateMachineBox<Microsoft.CodeAnalysis.Sarif.Driver.MultithreadedAnalyzeCommandBase<Microsoft.CodeAnalysis.IL.Sdk.BinaryAnalyzerContext, Microsoft.CodeAnalysis.IL.AnalyzeOptions>.<ScanTargetsAsync>d__45>.MoveNext(System.Threading.Thread threadPoolThread)
System.Private.CoreLib.dll!System.Runtime.CompilerServices.AsyncTaskMethodBuilder<bool>.AsyncStateMachineBox<System.__Canon>.MoveNext()
System.Private.CoreLib.dll!System.Threading.ThreadPoolGlobals..cctor.AnonymousMethod__5_0(object state)
System.Threading.Channels.dll!System.Threading.Channels.AsyncOperation<bool>.SetCompletionAndInvokeContinuation()
System.Threading.Channels.dll!System.Threading.Channels.AsyncOperation<bool>.System.Threading.IThreadPoolWorkItem.Execute()
System.Private.CoreLib.dll!System.Threading.ThreadPoolWorkQueue.Dispatch()
System.Private.CoreLib.dll!System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
[Native to Managed Transition]	
kernel32.dll!00007ffa044a269d()
ntdll.dll!00007ffa05fea9f8()
[Async Call Stack]	
[Async] System.Private.CoreLib.dll!System.Threading.Tasks.Task.Run
[Async] System.Private.CoreLib.dll!System.Threading.Tasks.Task.WhenAll
[Async] Sarif.Driver.dll!Microsoft.CodeAnalysis.Sarif.Driver.MultithreadedAnalyzeCommandBase<Microsoft.CodeAnalysis.IL.Sdk.BinaryAnalyzerContext, Microsoft.CodeAnalysis.IL.AnalyzeOptions>.MultithreadedAnalyzeTargets.AnonymousMethod__3(System.Threading.Tasks.Task<bool[]> _) Line 246

@shaopeng-gh
Collaborator

Hello, we rely on the Microsoft msdia140.dll to load the PDB. I have tried locally upgrading msdia140.dll to the latest version; the error is still the same.
Also, this is not related to BinSkim 1.9.5; the latest main also has the same error.
It is possible that the PDB is corrupted or does not fully follow the standard.
If this is not a widespread issue, please exclude this DLL from the scan targets.

@andriipatsula
Member

We are attempting to configure BinSkim to execute on artifacts generated by the official dotnet build, and I am encountering the same problem when running it on the dotnet/runtime repository (it's a company requirement to scan all binaries we are shipping). Issue: dotnet/arcade-services#2744
Do we have any workarounds for this issue?

@spadapet
Member Author

@andriipatsula I worked around it by deleting the PDB file right before BinSkim runs
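The native callstack above shows msdia140.dll failing inside PortablePDB::ConvertPortablePDB, i.e. while converting a Portable PDB for the DIA loader. The two workarounds in the thread (exclude the DLL from the scan, or delete the PDB right before BinSkim runs) both throw information away. A narrower option is to sort the PDBs by container format first and move only the Portable ones out of the scan tree for the duration of the run, then put them back. The script below is an added example for this thread; it is not BinSkim project code and not any participant's script. It assumes that a Portable PDB begins with the ECMA-335 metadata signature `BSJB` and that a native MSF 7.0 PDB begins with `Microsoft C/C++ MSF 7.00\r\n\x1aDS`; the sample files it builds in `demo()` are constructed, not real symbol files, and the `pdb-hold` directory name is a placeholder.

```python
"""
Sort PDB files by container format before a BinSkim run and move the
Portable PDBs aside, so the DIA loader (msdia140.dll) never opens them.

Added example for this issue thread; not BinSkim project code and not
any participant's script. Assumptions:
  * a Portable PDB starts with the ECMA-335 metadata signature b"BSJB";
  * a native MSF 7.0 PDB starts with b"Microsoft C/C++ MSF 7.00\r\n\x1aDS";
  * the files written by demo() are constructed samples, not real symbols.
"""
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List

MSF7_MAGIC = b"Microsoft C/C++ MSF 7.00\r\n\x1aDS"
PORTABLE_MAGIC = b"BSJB"
HEADER_LEN = 32  # more than enough to cover either magic


def classify_pdb_bytes(header: bytes) -> str:
    """Return 'msf7', 'portable' or 'unknown' from the first bytes of a file."""
    if header.startswith(MSF7_MAGIC):
        return "msf7"
    if header.startswith(PORTABLE_MAGIC):
        return "portable"
    return "unknown"


def classify_pdb_file(path: Path) -> str:
    with path.open("rb") as fh:
        return classify_pdb_bytes(fh.read(HEADER_LEN))


def stage_portable_pdbs(root: Path, quarantine: Path) -> List[Path]:
    """Move every Portable PDB under root into quarantine, keeping relative paths.

    Files classified 'unknown' are left in place on purpose: they are reported
    by the classifier, and an operator should decide what they are rather than
    have a script silently hide them. Returns the original paths that moved.
    """
    moved: List[Path] = []
    for pdb in sorted(root.rglob("*.pdb")):
        if classify_pdb_file(pdb) != "portable":
            continue
        dest = quarantine / pdb.relative_to(root)
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.move(str(pdb), str(dest))
        moved.append(pdb)
    return moved


def restore_pdbs(root: Path, quarantine: Path) -> int:
    """Move staged PDBs back next to their binaries; returns how many were restored."""
    count = 0
    for pdb in sorted(quarantine.rglob("*.pdb")):
        dest = root / pdb.relative_to(quarantine)
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.move(str(pdb), str(dest))
        count += 1
    return count


def demo() -> Dict[str, object]:
    """Build a constructed scan tree, stage, inspect, restore; return what happened."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "drop"
        quarantine = Path(tmp) / "pdb-hold"  # placeholder holding directory
        (root / "lib").mkdir(parents=True)
        # Constructed sample files: the magic bytes followed by filler.
        (root / "native.pdb").write_bytes(MSF7_MAGIC + b"\0" * 64)
        (root / "lib" / "managed.pdb").write_bytes(PORTABLE_MAGIC + b"\0" * 64)
        (root / "lib" / "junk.pdb").write_bytes(b"not a pdb at all")

        rel = lambda p, base: p.relative_to(base).as_posix()
        before = {rel(p, root): classify_pdb_file(p) for p in sorted(root.rglob("*.pdb"))}
        moved = [rel(p, root) for p in stage_portable_pdbs(root, quarantine)]
        remaining = sorted(rel(p, root) for p in root.rglob("*.pdb"))
        # ... this is where the BinSkim command from the report would run ...
        restored = restore_pdbs(root, quarantine)
        after = sorted(rel(p, root) for p in root.rglob("*.pdb"))
        return {"before": before, "moved": moved, "remaining": remaining,
                "restored": restored, "after": after}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

In a real pipeline, `stage_portable_pdbs` runs against the build output directory just before the `BinSkim.exe analyze` command from the report, and `restore_pdbs` runs unconditionally afterwards (a `finally:` block) so a BinSkim failure never leaves the symbols stranded in the holding directory. Native MSF PDBs stay in place, so the rules that need them (the ones under `WindowsBinaryAndPdbSkimmerBase`) still get their data for every binary that is not affected by this msdia140.dll problem.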
