[Mono-bugs] [Bug 617228] SDB: Using MethodCall.Invoke() to invoke a method containing null reference

bugzilla_noreply at novell.com bugzilla_noreply at novell.com
Wed Jun 30 14:04:45 EDT 2010


http://bugzilla.novell.com/show_bug.cgi?id=617228

http://bugzilla.novell.com/show_bug.cgi?id=617228#c4


--- Comment #4 from Martin Baulig <martin at novell.com> 2010-06-30 18:04:44 UTC ---
Here's what's happening (I'm using a slightly old SVN build on Windows for this
stacktrace, but the problem still exists with the latest 2.6.6 for Windows):

MonoVS uses MethodCall.Invoke() to invoke X.get_HasChildren, which contains a
segfault (_children is null).

While the runtime tries to handle the exception, it calls
mono_get_exception_null_reference() which mono_runtime_invoke()'s
System.NullReferenceException.ctor and at that point, we hit the
single-stepping breakpoint, but Windows doesn't seem to recognize it.

The top frame of the stack is:

02AD0935  cmp         eax,dword ptr ds:[3A0000h] 

and the effective address is the single-stepping page.

======
     02ad0935()
>    mono.dll!mono_jit_runtime_invoke(_MonoMethod * method=0x026cbaf8, void * obj=0x01f65f18, void * * params=0x00000000, MonoObject * * exc=0x00000000)  Line 4779 + 0x18 bytes    C
     mono.dll!mono_runtime_invoke(_MonoMethod * method=0x026cbaf8, void * obj=0x01f65f18, void * * params=0x00000000, MonoObject * * exc=0x00000000)  Line 2613 + 0x18 bytes    C
     mono.dll!mono_runtime_object_init(MonoObject * this=0x01f65f18)  Line 99 + 0x11 bytes    C
     mono.dll!mono_exception_from_name_domain(_MonoDomain * domain=0x00316ea0, _MonoImage * image=0x02679d08, const char * name_space=0x10563bf0, const char * name=0x10563bd8)  Line 64 + 0x9 bytes    C
     mono.dll!mono_exception_from_name(_MonoImage * image=0x02679d08, const char * name_space=0x10563bf0, const char * name=0x10563bd8)  Line 34 + 0x17 bytes    C
     mono.dll!mono_get_exception_null_reference()  Line 280 + 0x15 bytes    C
     mono.dll!mono_handle_exception_internal(MonoContext * ctx=0x0018ef98, void * obj=0x00000000, void * original_ip=0x02ad06c3, int test_only=0x00000000, int * out_filter_idx=0x00000000, _MonoJitInfo * * out_ji=0x00000000)  Line 1135 + 0x5 bytes    C
     mono.dll!mono_handle_exception(MonoContext * ctx=0x0018ef98, void * obj=0x00000000, void * original_ip=0x02ad06c3, int test_only=0x00000000)  Line 1504 + 0x19 bytes    C
     mono.dll!mono_arch_handle_exception(void * sigctx=0x026f5c08, void * obj=0x00000000, int test_only=0x00000000)  Line 1068 + 0x15 bytes    C
     mono.dll!mono_sigsegv_signal_handler(int _dummy=0x00000000, _EXCEPTION_RECORD * info=0x0018f1c8, void * context=0x026f5c08)  Line 4896 + 0xd bytes    C
     mono.dll!seh_handler(_EXCEPTION_POINTERS * ep=0x0018f0c8)  Line 192 + 0x1b bytes    C
     kernel32.dll!CheckForReadOnlyResource()  + 0x3bf bytes
     [Frames below may be incorrect and/or missing, no symbols loaded for kernel32.dll]
     ntdll.dll!RtlKnownExceptionFilter()  + 0xb7 bytes
     ntdll.dll!RtlInitializeExceptionChain()  + 0x36 bytes
=======

The mono process crashes here.

Maybe Windows doesn't like the "recursive" segfault inside seh_handler() ?

I also don't understand why System.NullReferenceException.ctor contains the
single-stepping code, I don't think we should be single-stepping when called
from inside the mono_sigsegv_signal_handler().

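The mechanism the comment describes, modelled as an added example that is not Mono's code and not from this bug: stepping is armed by making a "single-stepping page" inaccessible, JIT-emitted code polls that page (the cmp eax,[3A0000h] above), and the resulting fault lands in the runtime's fault handler. The names ss_page, step_check, build_exception_object and run_single_step_demo are all hypothetical, the model is POSIX/Linux signals rather than Windows SEH, and disarming the page before invoking anything that may itself contain step checks is an assumed fix, not the one the Mono developers chose. The point it shows is the one the comment raises: with SIGSEGV blocked while its own handler runs, a second step fault inside the handler is fatal, so the handler must not run step-instrumented code with stepping still armed.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical model of a trap-page single-stepper (not Mono's code).
 * Stepping is "armed" by making ss_page inaccessible; code that polls
 * the page then faults into the SIGSEGV handler, which is the step event. */
static char *ss_page;                        /* the single-stepping page */
static long page_size;
static volatile sig_atomic_t step_events;    /* step faults seen by the handler */
static volatile sig_atomic_t in_segv_handler;
static volatile sig_atomic_t exception_objects_built;

static void arm_single_step(void)    { mprotect(ss_page, (size_t)page_size, PROT_NONE); }
static void disarm_single_step(void) { mprotect(ss_page, (size_t)page_size, PROT_READ); }

/* Stands in for the JIT-emitted `cmp eax, dword ptr [ss_page]`. */
static void step_check(void)
{
    volatile int probe = *(volatile int *)ss_page;
    (void)probe;
}

/* Stands in for invoking NullReferenceException's .ctor from inside the
 * fault handler: code that itself contains a step check, which is the
 * situation in the stack trace. */
static void build_exception_object(void)
{
    step_check();                /* must not fault: stepping is disarmed here */
    exception_objects_built++;
}

static void segv_handler(int sig, siginfo_t *si, void *ctx)
{
    (void)sig; (void)ctx;
    char *addr = (char *)si->si_addr;
    int on_step_page = addr >= ss_page && addr < ss_page + page_size;

    if (on_step_page && !in_segv_handler) {
        in_segv_handler = 1;
        step_events++;
        /* Disarm before invoking anything that may contain step checks.
         * Without this, the ctor's step check would fault again while
         * SIGSEGV is still blocked and the kernel would kill the process. */
        disarm_single_step();
        build_exception_object();
        in_segv_handler = 0;
        return;                  /* the faulting load re-executes and now succeeds */
    }
    /* A fault anywhere else, or one re-entering this handler, is a real crash. */
    _exit(2);
}

static int install_single_stepper(void)
{
    static int installed;
    if (installed)
        return 0;
    page_size = sysconf(_SC_PAGESIZE);
    ss_page = mmap(NULL, (size_t)page_size, PROT_READ,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (ss_page == MAP_FAILED)
        return -1;
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = segv_handler;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGSEGV, &sa, NULL) != 0)
        return -1;
    installed = 1;
    return 0;
}

/* Runs `steps` step events through the trap page and returns how many the
 * handler observed; each one also builds an "exception object" containing
 * a step check without faulting a second time. */
int run_single_step_demo(int steps)
{
    if (install_single_stepper() != 0)
        return -1;
    step_events = 0;
    exception_objects_built = 0;
    for (int i = 0; i < steps; i++) {
        arm_single_step();
        step_check();            /* faults once; handler disarms and returns */
    }
    return step_events;
}

int exception_objects_built_count(void) { return exception_objects_built; }

int main(void)
{
    int n = run_single_step_demo(3);
    printf("step events: %d, exception objects built: %d\n",
           n, exception_objects_built_count());
    return n == 3 ? 0 : 1;
}
```

Re-arming happens from normal context between steps rather than inside the handler, because re-protecting the page before returning would make the faulting load trap forever; a real stepper that needs to stop at every instruction advances the context's program counter or uses a second page for that.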