fsc 4.0 Unhandled Exception: System.AccessViolationException #517
Comments
|
Doing the same thing with a C# class library builds OK, so I don't think the NuGet package can be completely smashed. |
|
Some quick findings:
So root cause is something in FileDb.dll, though it's quite possible we should still be able to handle it (I wonder what C# is doing?). |
|
from symptoms I would say that FileDb.dll is obfuscated |
|
You're right, it's obfuscated - I just checked with ILSpy. It's a free database with an option to buy the source, so I guess that's why the obfuscation. Presumably the bogus metadata is designed by the obfuscator to crash decompilers but not C#, VB or the assembly loader. It would be nice if F# coped too but it's also fair enough if it doesn't. |
|
Ok, I can see what is going on. As a fix we can either defer reading information about referenced assemblies or make IL reading facilities more resilient to invalid metadata. Former change will be more invasive, the latter one seems more surgical - I've implemented it (https://github.com/Microsoft/visualfsharp/compare/fsharp4...vladima:blobHeapSize?expand=1), seems to be small enough. Not sure what is the best way to add a regression test for this case, putting 'FileDb.dll' as a test asset does not seem right to me, pinging @latkin for better ideas :) |
|
@vladima - do I understand right that this would require manual byte tweaking, i.e. couldn't be reproduced through ilasm? Might not be so bad to have small checked-in repro binary, as long as we also include backing source code and instructions on how to create/modify the binary. What is the result of your fix, does the compile now succeed or just fail more gracefully? Looks like empty array returned from |
|
@latkin yes, this is correct. [<EntryPoint>]
let main _ =
0Prior to my fix it failed and now compilation passes successfully AFAIR Cecil also returns empty array in case if requested index is out of the range of the Blob heap |
|
@latkin did you actually get the crash in this place or you just assuming that it might fail there? in the former case can you share a repro? |
|
No, I just tried to follow the path of execution through the source and I thought that's where it would end up. |
|
no, in general this bogus reference should not ever be used and is present to trick the decompiler. |
Obfuscated assemblies can have a bogus extra reference to mscorlib which has incorrect index in Blob heap for HashValue - index value was out of range of the heap.I guess the assumption was that compiler will not try to realize the whole set of information for this AssemblyRef entry but decompiler will try to do. The problem was that F# compiler is eagerly trying to populate information about referenced assemblies for the given assembly so it crashes during the attempt to read this malformed entry. fixes #517 closes #519 commit 326a7fc Author: Vladimir Matveev <[email protected]> Date: Wed Jul 1 00:27:11 2015 -0700 added tests commit 1d8dd07 Author: Vladimir Matveev <[email protected]> Date: Mon Jun 29 00:14:27 2015 -0700 fix incorrect condition commit 0c0c696 Author: Vladimir Matveev <[email protected]> Date: Sun Jun 28 23:30:38 2015 -0700 added range check to readBlobHeapUncached
Creating an empty F# class library in Visual Studio 2015 RC with F# 4 installed, and referencing the NuGet package Xaml.MapControl 2.4.12, then building produces the following crash (with MSBuild set to detailed).
The text was updated successfully, but these errors were encountered: