[System.Drawing.Common] Work around libgdiplus use after free #43074
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Tagging subscribers to this area: @roji, @ajcvickers |
lambdageek
force-pushed
the
fix-gh-37838-holder
branch
from
08093c8 to
9a4e76c
Compare
On Windows, both of the following are legal
Metafile mf = ... ; // get a metafile instance
Graphics g = Graphics.FromImage(mf);
g.Dispose(); mf.Dispose();
and
Metafile mf = ... ; // get a metafile instance
Graphics g = Graphics.FromImage(mf);
mf.Dispose(); g.Dispose();
On Unix, libgdiplus has a use after free bug for the second form - the metafile
native image is disposed, but the graphics instance still has a pointer to the
memory that it will use during cleanup. If the memory is reused, the graphics
instance will see garbage values and crash.
The workaround is to add a MetadataHolder class and to transfer responsibility
for disposing of the native image instance to it if the Metafile is disposed
before the Graphics.
Note that the following is not allowed (throws OutOfMemoryException on GDI+ on
Windows), so there's only ever one instance of Graphics associated with a
Metafile at a time.
Graphics g = Graphics.FromImage(mf);
Graphics g2 = Graphics.FromImage(mf); // throws
Addresses dotnet#37838
lambdageek
force-pushed
the
fix-gh-37838-holder
branch
from
9a4e76c to
48c2b9e
Compare
|
Tagging subscribers to this area: @safern, @tannergooding, @jeffhandley |
|
One thing I'm not sure about - is it worthwhile to make One reason not to do it might be because the rest of the SafeHandle methods aren't really meaningful to |
safern
reviewed
Oct 6, 2020
src/libraries/System.Drawing.Common/src/System/Drawing/Imaging/Metafile.Unix.cs
Outdated
Show resolved
Hide resolved
safern
reviewed
Oct 6, 2020
src/libraries/System.Drawing.Common/src/System/Drawing/Imaging/Metafile.Unix.cs
Outdated
Show resolved
Hide resolved
safern
reviewed
Oct 6, 2020
src/libraries/System.Drawing.Common/src/System/Drawing/Imaging/Metafile.Unix.cs
Outdated
Show resolved
Hide resolved
safern
reviewed
Oct 6, 2020
src/libraries/System.Drawing.Common/src/System/Drawing/Imaging/Metafile.Unix.cs
Outdated
Show resolved
Hide resolved
safern
reviewed
Oct 6, 2020
src/libraries/System.Drawing.Common/src/System/Drawing/Imaging/Metafile.Unix.cs
Outdated
Show resolved
Hide resolved
safern
reviewed
Oct 6, 2020
src/libraries/System.Drawing.Common/src/System/Drawing/Imaging/Metafile.Unix.cs
Outdated
Show resolved
Hide resolved
safern
reviewed
Oct 6, 2020
src/libraries/System.Drawing.Common/src/System/Drawing/Imaging/Metafile.Unix.cs
Outdated
Show resolved
Hide resolved
safern
reviewed
Oct 6, 2020
src/libraries/System.Drawing.Common/src/System/Drawing/Imaging/Metafile.Unix.cs
Outdated
Show resolved
Hide resolved
safern
reviewed
Oct 6, 2020
src/libraries/System.Drawing.Common/src/System/Drawing/Imaging/Metafile.Unix.cs
Outdated
Show resolved
Hide resolved
safern
reviewed
Oct 6, 2020
src/libraries/System.Drawing.Common/src/System/Drawing/Imaging/Metafile.Unix.cs
Outdated
Show resolved
Hide resolved
safern
reviewed
Oct 6, 2020
src/libraries/System.Drawing.Common/src/System/Drawing/Imaging/Metafile.Unix.cs
Show resolved
Hide resolved
|
cc: @stephentoub |
Co-authored-by: Santiago Fernandez Madero <safern@microsoft.com>
This was referenced Oct 7, 2020
safern
approved these changes
Oct 8, 2020
ghost
locked as resolved and limited conversation to collaborators
RussKie
reviewed
Jan 14, 2021
| // Metafile mf = ...; // get a metafile instance | ||
| // Graphics g = Graphics.FromImage(mf); | ||
| // Graphics g2 = Graphics.FromImage(mf); // throws OutOfMemoryException on GDI+ on Win32 | ||
| internal sealed class MetafileHolder : IDisposable |
There was a problem hiding this comment.
Just for my own curiosity, any reason not to make it a struct?
There was a problem hiding this comment.
Looks like it has a finalizer. Structs can't have finalizers.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
On Windows, both of the following are legal
and
On Unix, libgdiplus has a use after free bug for the second form - the metafile
native image is disposed, but the graphics instance still has a pointer to the
memory that it will use during cleanup. If the memory is reused, the graphics
instance will see garbage values and crash.
The workaround is to add a MetadataHolder class and to transfer responsibility
for disposing of the native image instance to it if the Metafile is disposed
before the Graphics.
Note that the following is not allowed (throws OutOfMemoryException on GDI+ on
Windows), so there's only ever one instance of Graphics associated with a
Metafile at a time.
Addresses #37838