[Mono-bugs] [Bug 450050] Mono crashes to freeing invalid pointer when using custom ICustomMarshaler marshaling return value

bugzilla_noreply at novell.com bugzilla_noreply at novell.com
Sat Nov 29 10:40:15 EST 2008


https://bugzilla.novell.com/show_bug.cgi?id=450050

User juhovh at iki.fi added comment
https://bugzilla.novell.com/show_bug.cgi?id=450050#c4





--- Comment #4 from Juho Vähä-Herttua <juhovh at iki.fi>  2008-11-29 08:40:13 MST ---
(In reply to comment #3 from Zoltan Varga)
> Your code frees the same memory block twice: once in destroy (), and once in
> CleanUpNativeData ().

Sigh, that is simply my bad, I tried to simplify the test case too much and
messed it up at the meanwhile.

I am uploading a new test case that should demostrate the problem a bit better.
It also made it clear to me what is actually the problem...to conclude:

Mono should not call CleanUpNativeData for pointers returned directly from the
library. It should only be called for pointers returned from
MarshalManagedToNative method. If the pointer returned from the library should
be freed, a custom marshaler should be created that handles freeing correctly,
not mono. Otherwise it is impossible to implement bindings for the sample code
provided.

Now it probably wouldn't be much of a job to find it from the Mono source and
fix it as well. I already made a test and made sure that the pointer value
returned from the library and given to the CleanUpNativeData in fact is the
same. 

Sorry, I haven't tested this version with real Microsoft .Net because I don't
have access to Windows machines at home. However I had a similar case before
and it didn't crash there...


-- 
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
You are the assignee for the bug.


More information about the mono-bugs mailing list