Bug 29421 - System.Diagnostics.Process.Start (filename); crash with non executable file
Status: RESOLVED FIXED
Alias: None
Product: Runtime
Classification: Mono
Component: GC ()
Version: unspecified
Hardware: PC Linux
: --- normal
Target Milestone: ---
Assignee: Bugzilla
Reported: 2015-04-27 09:35 UTC by Claudio Rodrigo Pereyra Diaz
Modified: 2015-04-28 19:09 UTC (History)

Attachments
Test program (957 bytes, text/x-csharp)
2015-04-27 09:35 UTC, Claudio Rodrigo Pereyra Diaz

Description Claudio Rodrigo Pereyra Diaz 2015-04-27 09:35:06 UTC
Created attachment 10913
Test program

OS Version: Fedora 21 x86_64
Mono version: 4.0.1 and 4.0.0-Alpha1

Mono JIT compiler version 4.0.1 (tarball Mon Apr 27 10:16:11 UTC 2015)
Copyright (C) 2002-2014 Novell, Inc, Xamarin Inc and Contributors. www.mono-project.com
	TLS:           __thread
	SIGSEGV:       altstack
	Notifications: epoll
	Architecture:  amd64
	Disabled:      none
	Misc:          softdebug 
	LLVM:          supported, not enabled.
	GC:            sgen

Reproduce:
When trying to open a file with the default native application for the file's MIME type using:

string filename = "/home/elsupergomez/test.txt";
System.Diagnostics.Process.Start (filename);

Note: The same code works fine with Mono 3.12.1 or lower

Expected output: Open the file with the native app for the MIME type of the file.

Actual output:

*** Error in `mono': double free or corruption (fasttop): 0x00000000023ee1d0 ***
======= Backtrace: =========
/lib64/libc.so.6[0x33c4a77d9e]
/lib64/libc.so.6(cfree+0x5b5)[0x33c4a839f5]
mono[0x612a3e]
mono[0x613800]
mono[0x5832c0]
[0x41938edb]
Stacktrace:

  at <unknown> <0xffffffff>
  at (wrapper managed-to-native) System.Diagnostics.Process.ShellExecuteEx_internal (System.Diagnostics.ProcessStartInfo,System.Diagnostics.Process/ProcInfo&) <0xffffffff>
  at System.Diagnostics.Process.Start_shell (System.Diagnostics.ProcessStartInfo,System.Diagnostics.Process) <0x000b3>
  at System.Diagnostics.Process.Start_common (System.Diagnostics.ProcessStartInfo,System.Diagnostics.Process) <0x000bf>
  at System.Diagnostics.Process.Start (System.Diagnostics.ProcessStartInfo) <0x0005b>
  at System.Diagnostics.Process.Start (string) <0x00037>
  at TestBug.MainClass.Main (string[]) <0x00087>
  at (wrapper runtime-invoke) <Module>.runtime_invoke_void_object (object,intptr,intptr,intptr) <0xffffffff>

Native stacktrace:

	mono() [0x4b739f]
	/lib64/libpthread.so.0() [0x33c4e100d0]
	/lib64/libc.so.6(gsignal+0x37) [0x33c4a348d7]
	/lib64/libc.so.6(abort+0x16a) [0x33c4a3653a]
	/lib64/libc.so.6() [0x33c4a77da3]
	/lib64/libc.so.6(cfree+0x5b5) [0x33c4a839f5]
	mono() [0x612a3e]
	mono() [0x613800]
	mono() [0x5832c0]
	[0x41938edb]

Debug info from gdb:

warning: File "/usr/bin/mono-sgen-gdb.py" auto-loading has been declined by your `auto-load safe-path' set to "$debugdir:$datadir/auto-load".
To enable execution of this file add
	add-auto-load-safe-path /usr/bin/mono-sgen-gdb.py
line to your configuration file "/home/cpereyra/.gdbinit".
To completely disable this security protection add
	set auto-load safe-path /
line to your configuration file "/home/cpereyra/.gdbinit".
For more information about this security protection see the
"Auto-loading safe path" section in the GDB manual.  E.g., run from the shell:
	info "(gdb)Auto-loading safe path"
warning: File "/usr/bin/mono-sgen-gdb.py" auto-loading has been declined by your `auto-load safe-path' set to "$debugdir:$datadir/auto-load".
[New LWP 12368]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
0x00000033c4e0fc6b in waitpid () from /lib64/libpthread.so.0
  Id   Target Id         Frame 
  2    Thread 0x7ff1578b3700 (LWP 12368) "Finalizer" 0x00000033c4e0e710 in sem_wait () from /lib64/libpthread.so.0
* 1    Thread 0x7ff1604c0780 (LWP 12367) "mono" 0x00000033c4e0fc6b in waitpid () from /lib64/libpthread.so.0

Thread 2 (Thread 0x7ff1578b3700 (LWP 12368)):
#0  0x00000033c4e0e710 in sem_wait () from /lib64/libpthread.so.0
#1  0x000000000062a946 in mono_sem_wait ()
#2  0x00000000005ac002 in finalizer_thread ()
#3  0x000000000058fbf4 in start_wrapper ()
#4  0x000000000062f965 in inner_start_thread ()
#5  0x00000033c4e0752a in start_thread () from /lib64/libpthread.so.0
#6  0x00000033c4b0022d in clone () from /lib64/libc.so.6

Thread 1 (Thread 0x7ff1604c0780 (LWP 12367)):
#0  0x00000033c4e0fc6b in waitpid () from /lib64/libpthread.so.0
#1  0x00000000004b743a in mono_handle_native_sigsegv ()
#2  <signal handler called>
#3  0x00000033c4a348d7 in raise () from /lib64/libc.so.6
#4  0x00000033c4a3653a in abort () from /lib64/libc.so.6
#5  0x00000033c4a77da3 in __libc_message () from /lib64/libc.so.6
#6  0x00000033c4a839f5 in free () from /lib64/libc.so.6
#7  0x0000000000612a3e in wapi_CreateProcess ()
#8  0x0000000000613800 in wapi_ShellExecuteEx ()
#9  0x00000000005832c0 in ves_icall_System_Diagnostics_Process_ShellExecuteEx_internal ()
#10 0x0000000041938edb in ?? ()
#11 0x0000000002380b90 in ?? ()
#12 0x00007fff1f73e5d0 in ?? ()
#13 0x0000000041910e80 in ?? ()
#14 0x00007ff158c16438 in ?? ()
#15 0x00007ff158c164d8 in ?? ()
#16 0x00000000023771b0 in ?? ()
#17 0x0000000041938b42 in ?? ()
#18 0x00007fff1f73e1d0 in ?? ()
#19 0x00007fff1f73e0b0 in ?? ()
#20 0x0000000041938904 in ?? ()
#21 0x00ffffffffffffff in ?? ()
#22 0x0000000000000000 in ?? ()

=================================================================
Got a SIGABRT while executing native code. This usually indicates
a fatal error in the mono runtime or one of the native libraries 
used by your application.
=================================================================

Abortado (`core' generado)
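
An added triage example for the crash output above (not part of the original report and not Mono project code): it pairs the glibc heap-check message with the gdb backtrace of Thread 1 to name the native frame that handed the pointer to free(). The function names parse_frames and triage are hypothetical, and the sample input is constructed from lines quoted in this report.

```python
import re

# Constructed input: lines copied from the crash output quoted in this report.
GLIBC_MSG = "*** Error in `mono': double free or corruption (fasttop): 0x00000000023ee1d0 ***"
GDB_THREAD1 = """\
#2  <signal handler called>
#3  0x00000033c4a348d7 in raise () from /lib64/libc.so.6
#4  0x00000033c4a3653a in abort () from /lib64/libc.so.6
#5  0x00000033c4a77da3 in __libc_message () from /lib64/libc.so.6
#6  0x00000033c4a839f5 in free () from /lib64/libc.so.6
#7  0x0000000000612a3e in wapi_CreateProcess ()
#8  0x0000000000613800 in wapi_ShellExecuteEx ()
#9  0x00000000005832c0 in ves_icall_System_Diagnostics_Process_ShellExecuteEx_internal ()
#10 0x0000000041938edb in ?? ()
"""

MSG_RE = re.compile(
    r"\*\*\* Error in `(?P<prog>[^']+)': (?P<kind>.+?): (?P<ptr>0x[0-9a-f]+) \*\*\*")
FRAME_RE = re.compile(
    r"^#(\d+)\s+0x[0-9a-f]+ in (\S+) \(.*?\)(?: from (\S+))?", re.M)


def parse_frames(backtrace):
    """Return (index, function, library-or-None) for each addressed gdb frame."""
    return [(int(i), fn, lib or None) for i, fn, lib in FRAME_RE.findall(backtrace)]


def triage(message, backtrace):
    """Pair glibc's heap-check message with the first non-libc frame under abort()."""
    m = MSG_RE.search(message)
    frames = parse_frames(backtrace)
    names = [fn for _, fn, _ in frames]
    if m is None or "abort" not in names:
        return None  # not a glibc allocator abort
    entry, chain = None, []
    for _, fn, lib in frames[names.index("abort") + 1:]:
        if lib and "/libc" in lib and not chain:
            entry = fn   # last libc frame before runtime code: the allocator call
        elif fn == "??":
            break        # JIT-compiled managed code has no native symbol
        else:
            chain.append(fn)
    return {"program": m["prog"], "kind": m["kind"], "pointer": m["ptr"],
            "allocator_call": entry, "caller": chain[0] if chain else None,
            "native_chain": chain}


if __name__ == "__main__":
    print(triage(GLIBC_MSG, GDB_THREAD1))
```
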

Comment 1 Zoltan Varga 2015-04-28 19:08:32 UTC
This is already fixed on mono-4.0.0-branch by

*** This bug has been marked as a duplicate of bug 28209 ***

Comment 2 Zoltan Varga 2015-04-28 19:09:54 UTC
This is already fixed on mono-4.0.0-branch by d0620f1ab506798f4582e281e1ccaa80f99330ad.