cmd/go: dll load crashed when enabling full page heap #43740

Open

leonshoh opened this issue Jan 16, 2021 · 1 comment

leonshoh commented Jan 16, 2021

What version of Go are you using (go version)?

$ go version

go version go1.15.6 windows/amd64

Does this issue reproduce with the latest release?

yes

What operating system and processor architecture are you using (go env)?

$ go env

set GO111MODULE=
set GOARCH=amd64
set GOBIN=
set GOCACHE=C:\Users\Administrator\AppData\Local\go-build
set GOENV=C:\Users\Administrator\AppData\Roaming\go\env
set GOEXE=.exe
set GOFLAGS=
set GOHOSTARCH=amd64
set GOHOSTOS=windows
set GOINSECURE=
set GOMODCACHE=E:\go\pkg\mod
set GONOPROXY=
set GONOSUMDB=
set GOOS=windows
set GOPATH=E:\go
set GOPRIVATE=
set GOPROXY=
set GOROOT=D:\Go
set GOSUMDB=sum.golang.org
set GOTMPDIR=
set GOTOOLDIR=D:\Go\pkg\tool\windows_amd64
set GCCGO=gccgo
set AR=ar
set CC=gcc
set CXX=g++
set CGO_ENABLED=1
set GOMOD=
set CGO_CFLAGS=-g -O2
set CGO_CPPFLAGS=
set CGO_CXXFLAGS=-g -O2
set CGO_FFLAGS=-g -O2
set CGO_LDFLAGS=-g -O2
set PKG_CONFIG=pkg-config
set GOGCCFLAGS=-m64 -mthreads -fmessage-length=0 -fdebug-prefix-map=C:\Users\Administrator\AppData\Local\Temp\go-build409441650=/tmp/go-build -gno-record-gcc-switches

What did you do?

```go
// t.go
package main

import "C"

// ExportMain is exported so that the build produces a c-shared DLL with at
// least one exported symbol; it is never called by the test program.
//export ExportMain
func ExportMain() {
}

// main is required by -buildmode=c-shared but is not run when the DLL is loaded.
func main() {
}
```

use

go build -buildmode=c-shared -o dll.dll t.go

build dll.dll

```c
//
// test.c
#include <windows.h>
#include <tchar.h>

int main(void)
{
	/* Merely loading the Go c-shared DLL is enough to trigger the crash under
	 * page heap; the exported function is never called. */
	HMODULE h = LoadLibrary(_T("dll.dll"));
	if (h == NULL)
		return 1;
	return 0;
}
```

use

cl /O2 test.c

build test.exe

> gflags /i test.exe +hpa
Current Registry Settings for test.exe executable are: 02000000
    hpa - Enable page heap

What did you expect to see?

program exit normally

>cdb test.exe

Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

CommandLine: test.exe
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path.           *
* Use .symfix to have the debugger choose a symbol path.                   *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
ModLoad: 00000001`40000000 00000001`4000f000   image00000001`40000000
ModLoad: 00007fff`18500000 00007fff`186f0000   ntdll.dll
ModLoad: 00007fff`171a0000 00007fff`17252000   C:\Windows\System32\KERNEL32.DLL
ModLoad: 00007fff`15e00000 00007fff`160a4000   C:\Windows\System32\KERNELBASE.dll
(2eb0.2a0c): Break instruction exception - code 80000003 (first chance)
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntdll.dll -
ntdll!LdrInitShimEngineDynamic+0x35c:
00007fff`185d119c cc              int     3
0:000> g
ModLoad: 00000000`623c0000 00000000`62746000   E:\dll.dll
ModLoad: 00007fff`17260000 00007fff`172fe000   C:\Windows\System32\msvcrt.dll
ModLoad: 00007fff`17430000 00007fff`174d3000   C:\Windows\System32\advapi32.dll
ModLoad: 00007fff`183b0000 00007fff`18447000   C:\Windows\System32\sechost.dll
ModLoad: 00007fff`165b0000 00007fff`166d0000   C:\Windows\System32\RPCRT4.dll
ModLoad: 00007fff`14da0000 00007fff`14dac000   C:\Windows\SYSTEM32\CRYPTBASE.DLL
ModLoad: 00007fff`154e0000 00007fff`15560000   C:\Windows\System32\bcryptPrimitives.dll
ModLoad: 00007fff`12e00000 00007fff`12e24000   C:\Windows\SYSTEM32\winmm.dll
ModLoad: 00007fff`12dd0000 00007fff`12dfd000   C:\Windows\SYSTEM32\winmmbase.dll
ModLoad: 00000000`00170000 00000000`0019d000   C:\Windows\SYSTEM32\WINMMBASE.dll
ModLoad: 00000000`001d0000 00000000`001fd000   C:\Windows\SYSTEM32\winmmbase.dll
ModLoad: 00007fff`15490000 00007fff`154da000   C:\Windows\System32\cfgmgr32.dll
ModLoad: 00007fff`15d00000 00007fff`15dfa000   C:\Windows\System32\ucrtbase.dll
ModLoad: 00007fff`168a0000 00007fff`1690f000   C:\Windows\System32\ws2_32.dll
ModLoad: 00007fff`15440000 00007fff`1548a000   C:\Windows\System32\powrprof.dll
ModLoad: 00007fff`153c0000 00007fff`153d0000   C:\Windows\System32\UMPDC.dll
ntdll!NtTerminateProcess+0x14:
00007fff`1859c5f4 c3              ret
0:000>

What did you see instead?

corrupted memory

>cdb test.exe

Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

CommandLine:  test.exe
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path.           *
* Use .symfix to have the debugger choose a symbol path.                   *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
ModLoad: 00000001`40000000 00000001`4000f000   image00000001`40000000
ModLoad: 00007fff`18500000 00007fff`186f0000   ntdll.dll
ModLoad: 00007ffe`e27e0000 00007ffe`e2851000   C:\Windows\System32\verifier.dll
Page heap: pid 0x2FA0: page heap enabled with flags 0x3.
ModLoad: 00007fff`171a0000 00007fff`17252000   C:\Windows\System32\KERNEL32.DLL
ModLoad: 00007fff`15e00000 00007fff`160a4000   C:\Windows\System32\KERNELBASE.dll
(2fa0.2e6c): Break instruction exception - code 80000003 (first chance)
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntdll.dll -
ntdll!LdrInitShimEngineDynamic+0x35c:
00007fff`185d119c cc              int     3
0:000> g
ModLoad: 00000000`623c0000 00000000`62746000   E:\dll.dll
ModLoad: 00007fff`17260000 00007fff`172fe000   C:\Windows\System32\msvcrt.dll
(2fa0.2e6c): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
ntdll!RtlCallEnclaveReturn+0x87:
00007fff`185a0042 0f29b100020000  movaps  xmmword ptr [rcx+200h],xmm6 ds:00000000`0014ee58=00000202002b002b0053002b002b0033
0:000> kb
RetAddr           : Args to Child                                                           : Call Site
00007fff`1851f560 : 00000001`4000e000 00000000`00000005 00000000`0014f290 00000000`0014ec58 : ntdll!RtlCallEnclaveReturn+0x87
00007fff`1857426a : 00000000`00000000 00000000`00000004 00000000`0014f310 00000000`0000027f : ntdll!RtlPcToFileHeader+0x160
00007fff`185741e2 : 00007fff`185fb2c7 00000000`00000008 00000000`00000008 00000000`01c05618 : ntdll!RtlWalkFrameChain+0x2a
00007fff`185fafb4 : 00000000`00400000 00000000`04fc0000 00000000`000002d8 00007ffe`e27e3634 : ntdll!RtlCaptureStackBackTrace+0x42
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Windows\System32\verifier.dll -
00007ffe`e27e27e7 : 00007fff`18563a2f 00000000`04fc1038 00000000`000002e0 00000000`0100100a : ntdll!RtlLogStackBackTrace+0x2f4
00007ffe`e27e4070 : 00000000`00001000 00000000`04fc1000 00000000`04fc1000 00000000`000002d8 : verifier!VerifierDisableFaultInjectionExclusionRange+0xae7
00007fff`186047c7 : 00000000`0100100a 00000000`00001001 00000000`04fc1000 00000000`00000000 : verifier!VerifierDisableFaultInjectionExclusionRange+0x2370
00007fff`185b4996 : 00000000`04fc0000 00000000`00000000 00000000`04fc0000 00000000`04fc0000 : ntdll!RtlpNtMakeTemporaryKey+0x3677
00007fff`1853ba3b : 00000000`04fc0000 00000000`0100100a 00000000`000002d8 00000000`000002e0 : ntdll!memset+0x11a16
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Windows\System32\msvcrt.dll -
00007fff`1727a191 : 00000000`00000004 00000000`000002d8 00000000`000002d8 00000000`00000000 : ntdll!RtlAllocateHeap+0x24b
00007fff`17279f1f : 00000000`00000000 00000000`05040f00 00007fff`185b3f2c 00000000`04fc0000 : msvcrt!realloc+0x381
00007fff`1729ad6a : 00000000`00000000 00000000`00000000 00000000`62426080 00000000`6247d374 : msvcrt!realloc+0x10f
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for E:\dll.dll -
00000000`624661f0 : 00000000`00000100 00000000`00000001 00000000`0014f850 00000000`623c14a0 : msvcrt!beginthread+0x5a
00000000`6242603e : 00000000`62467b90 00000000`05040f00 00000000`05040f08 00000000`00000002 : dll!x_cgo_sys_thread_create+0x10
00000000`62467b90 : 00000000`05040f00 00000000`05040f08 00000000`00000002 00000000`0014f850 : dll!rt0_amd64_windows_lib+0x3e
00000000`05040f00 : 00000000`05040f08 00000000`00000002 00000000`0014f850 00000000`00000001 : dll!crosscall_amd64+0x16c0
00000000`05040f08 : 00000000`00000002 00000000`0014f850 00000000`00000001 00000000`00000001 : 0x5040f00
00000000`00000002 : 00000000`0014f850 00000000`00000001 00000000`00000001 00000000`ffffffff : 0x5040f08
00000000`0014f850 : 00000000`00000001 00000000`00000001 00000000`ffffffff 00000000`05040f00 : 0x2
00000000`00000001 : 00000000`00000001 00000000`ffffffff 00000000`05040f00 00000000`623c0000 : 0x14f850
00000000`00000001 : 00000000`ffffffff 00000000`05040f00 00000000`623c0000 00000000`62466645 : 0x1
00000000`ffffffff : 00000000`05040f00 00000000`623c0000 00000000`62466645 00000000`00000001 : 0x1
00000000`05040f00 : 00000000`623c0000 00000000`62466645 00000000`00000001 00000000`00000001 : 0xffffffff
00000000`623c0000 : 00000000`62466645 00000000`00000001 00000000`00000001 00000000`00000001 : 0x5040f00
00000000`62466645 : 00000000`00000001 00000000`00000001 00000000`00000001 00000000`6247d374 : dll
00000000`623c137a : 00000000`7ffe0301 00007fff`1852502a 00000000`00000000 00000000`00000001 : dll!crosscall_amd64+0x175
00007fff`18525021 : 00000000`00000001 00000000`00000000 00000000`00000001 00000000`00000600 : dll+0x137a
00007fff`18569385 : 00000000`01d61ee0 00000000`623c0000 00000000`00000001 00000000`62466880 : ntdll!RtlActivateActivationContextUnsafeFast+0x121
00007fff`18569178 : 00000000`01d63fb0 00000000`01d63f00 00000000`0014fb01 00000000`00000001 : ntdll!LdrGetProcedureAddressEx+0x2b5
00007fff`1852aa17 : 00000000`00000000 00000000`00000000 00000000`0014fca0 00000000`0014fbe8 : ntdll!LdrGetProcedureAddressEx+0xa8
00007fff`18522511 : 00000000`0014fbe8 00000000`0014fbf0 00000000`0014fb00 00000000`0014fbf0 : ntdll!RtlIsCriticalSectionLockedByThread+0x547
00007fff`18522228 : 00000000`0014fbf0 00000000`0014fd90 00000000`0014fe80 00000000`0014fd80 : ntdll!RtlMultiByteToUnicodeSize+0x461
00007fff`185216e4 : 00000000`00000000 00000000`00000001 00000000`03e71000 00000000`03f56f00 : ntdll!RtlMultiByteToUnicodeSize+0x178
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Windows\System32\KERNELBASE.dll -
00007fff`15e25630 : 00000001`40002890 00000000`00000000 00000001`40002890 00000000`03f56f00 : ntdll!LdrLoadDll+0xe4
*** WARNING: Unable to verify checksum for image00000001`40000000
*** ERROR: Module load completed but symbols could not be loaded for image00000001`40000000
00000001`40001011 : 00000000`00000000 00000000`00000006 00000000`0014fee8 00000000`00000000 : KERNELBASE!LoadLibraryExW+0x170
00000001`40001275 : 00000000`00000000 00000000`00000000 00000000`00000006 00000000`000023f0 : image00000001_40000000+0x1011
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Windows\System32\KERNEL32.DLL -
00007fff`171b7bd4 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : image00000001_40000000+0x1275
00007fff`1856ce51 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : KERNEL32!BaseThreadInitThunk+0x14
00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x21
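The second cdb transcript above differs from the first in two ways that matter when triaging this: verifier.dll is loaded right after ntdll.dll ("page heap enabled with flags 0x3"), and the first-chance access violation happens while page heap is recording an allocation stack trace (ntdll!RtlAllocateHeap, verifier!…, ntdll!RtlLogStackBackTrace, RtlCaptureStackBackTrace, RtlWalkFrameChain) on the path msvcrt!beginthread ← dll!x_cgo_sys_thread_create ← dll!rt0_amd64_windows_lib, i.e. during the Go runtime's thread creation at DLL load. Note that every frame name is an export-symbol approximation ("Defaulted to export symbols"), so the names closest to the fault (RtlCallEnclaveReturn, RtlPcToFileHeader, RtlpNtMakeTemporaryKey, memset+0x11a16) are only the nearest exported symbol, not the real function. The script below is an added example, not code from the issue or from the Go project. It automates the reporter's setup so the comparison can be repeated on another machine: it shows, sets or clears the page-heap bit that `gflags /i test.exe +hpa` writes under Image File Execution Options (the 02000000 value gflags printed), and runs test.exe under cdb non-interactively with a fixed symbol path, then reports whether verifier.dll was loaded and whether the access violation occurred. It assumes gflags.exe and cdb.exe (Debugging Tools for Windows) are on PATH, dll.dll and test.exe were built as described above, the image name is test.exe, and the script runs from an elevated PowerShell prompt because IFEO lives under HKLM.

```powershell
# Added example, not code from the issue or from the Go project.
# Show/Enable/Disable the page-heap flag for an image (what gflags +hpa / -hpa do)
# and Run the image under cdb to check for the verifier.dll load and the AV.
# Assumptions: gflags.exe and cdb.exe on PATH; elevated prompt; image is test.exe.
param(
    [string]$Image = 'test.exe',
    [ValidateSet('Show', 'Enable', 'Disable', 'Run')]
    [string]$Action = 'Show'
)

# Bit that gflags reports as "hpa - Enable page heap" (FLG_HEAP_PAGE_ALLOC).
$FLG_HEAP_PAGE_ALLOC = 0x02000000
$ifeo = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\$Image"

function Get-GlobalFlag([string]$Path) {
    if (-not (Test-Path $Path)) { return [uint32]0 }
    $v = (Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue).GlobalFlag
    if ($null -eq $v) { return [uint32]0 }
    # gflags writes a REG_SZ such as "0x02000000"; a REG_DWORD is accepted too.
    if ($v -is [string]) { return [Convert]::ToUInt32(($v -replace '^0x', ''), 16) }
    return [uint32]$v
}

function Set-GlobalFlag([string]$Path, [uint32]$Value) {
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    # Same string encoding gflags uses, so both tools read the same value.
    Set-ItemProperty -Path $Path -Name GlobalFlag -Value ('0x{0:X8}' -f $Value)
}

switch ($Action) {
    'Show' {
        $flags = Get-GlobalFlag $ifeo
        $hpa = ($flags -band $FLG_HEAP_PAGE_ALLOC) -ne 0
        $state = if ($hpa) { 'ENABLED' } else { 'disabled' }
        '{0}: GlobalFlag=0x{1:X8}, page heap {2}' -f $Image, $flags, $state
    }
    'Enable' {
        Set-GlobalFlag $ifeo ((Get-GlobalFlag $ifeo) -bor $FLG_HEAP_PAGE_ALLOC)
        # Cross-check with the tool the issue used; expect "02000000" and "hpa".
        & gflags /i $Image
    }
    'Disable' {
        # Clear only the page-heap bit; drop the value entirely if nothing is left,
        # so the image is back to its normal (non-instrumented) loader behaviour.
        $rest = (Get-GlobalFlag $ifeo) -band (-bnot $FLG_HEAP_PAGE_ALLOC)
        if ($rest -eq 0) {
            Remove-ItemProperty -Path $ifeo -Name GlobalFlag -ErrorAction SilentlyContinue
        } else {
            Set-GlobalFlag $ifeo ([uint32]$rest)
        }
        & gflags /i $Image
    }
    'Run' {
        # -g/-G skip the initial and final breakpoints; -c runs the commands at the
        # first stop, which with page heap enabled is the first-chance access
        # violation from the transcript. .symfix fixes the "Symbol search path is:
        # *** Invalid ***" warning so frame names are real symbols, not exports.
        $log = & cdb -g -G -c '.symfix; .reload; kb; q' $Image 2>&1 | Out-String
        $log
        $verifier = $log -match 'verifier\.dll'
        $av = $log -match 'Access violation - code c0000005'
        'verifier.dll loaded: {0}; access violation: {1}' -f $verifier, $av
    }
}
```

Run it once with `-Action Disable` and once with `-Action Enable`, each followed by `-Action Run`, to get the two transcripts side by side with proper symbols; remember to leave the image in the `Disable` state afterwards, since the IFEO entry applies to every process started from that image name system-wide, not just the one launched under the debugger.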
ALTree changed the title "dll load crashed when enable full page heap" to "cmd/go: dll load crashed when enabling full page heap" on Jan 16, 2021