CLR SafeHandle Consideration

Original, 2007-09-19 21:07:00

Original post URL:
http://eparg.spaces.live.com/blog/cns!59BFC22C0E7E1A76!576.entry
Original post date:
2006-03-01
Original post author:
eparg

Suppose you are the developer of FileStream. You might design the class as follows:

    class FileStream
    {
        IntPtr OSHandle;   // raw OS handle

        void FooRead() { /* calls into the API and uses OSHandle */ }

        ~FileStream() { /* finalizer: cleans up the resource */ }
    }

In the finalizer, of course, you should call Flush and CloseHandle to release the resource.
However, you have no idea what will happen inside the FooRead function, because it calls into the API. For example:

    FileStream fs = new FileStream();
    fs.FooRead();
    // fs is never used again

Once FooRead has gone into the API, anything may happen. For example, the API may Sleep, so it is safe for a GC to happen. Since fs is not used any longer, fs will be collected. However, that does not mean the OSHandle value used in the API will be cleared to zero. Instead, the risk is that the finalizer may be triggered and close the handle. Since the handle is closed, FooRead fails.

To solve the problem, you may want to change the design:

    class FileStream
    {
        HandleObj OSHandle = new HandleObj(...);   // handle wrapped in its own class

        void FooRead() { /* calls into the API and uses OSHandle */ }

        ~FileStream() { /* finalizer: Flush only */ }
    }

We wrap the handle in a class instead of using an IntPtr. In the FileStream finalizer we call Flush only, and leave the CloseHandle call to the finalizer of the HandleObj class. With this design, even if the FileStream finalizer executes during the call to FooRead, the handle is not closed. Combined with a KeepAlive call on OSHandle in FooRead, the first problem is solved.
However, with this design, how can you ensure the order of the two finalizers when both the HandleObj and the FileStream are ready to be collected?
...
CLR1 has to use very complex mechanisms to handle the problems above, such as HandleProtector.TryAddRef... In CLR2, SafeHandle helps us simplify the task. Since SafeHandle uses a critical finalizer, we can use the second design and solve the problem by declaring OSHandle as a SafeHandle type.
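
An added example, not code from the original post: a sketch of the second design with the handle declared as a SafeHandle subclass. DemoFileHandle and DemoFileStream are hypothetical names, the kernel32 P/Invoke declarations are this example's own, and it runs on Windows only.

```csharp
using System;
using System.IO;
using System.Runtime.InteropServices;
using Microsoft.Win32.SafeHandles;

// Hypothetical handle wrapper: the only place CloseHandle is called.
sealed class DemoFileHandle : SafeHandleZeroOrMinusOneIsInvalid
{
    public DemoFileHandle() : base(true) { }   // instances are created by the interop marshaler
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr h);
    // SafeHandle derives from CriticalFinalizerObject: critical finalizers run
    // after the ordinary finalizers of objects collected in the same GC, and
    // ReleaseHandle runs only once the handle's reference count reaches zero.
    protected override bool ReleaseHandle() { return CloseHandle(handle); }
}

sealed class DemoFileStream : IDisposable
{
    [DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern DemoFileHandle CreateFile(string name, uint access, uint share,
        IntPtr security, uint disposition, uint flags, IntPtr template);
    // Taking DemoFileHandle instead of IntPtr makes the marshaler add a reference
    // before the call and release it afterwards, so the handle stays open mid-call.
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool ReadFile(DemoFileHandle h, byte[] buf, uint count,
        out uint read, IntPtr overlapped);

    readonly DemoFileHandle _handle;

    public DemoFileStream(string path)
    {
        // 0x80000000 = GENERIC_READ, 1 = FILE_SHARE_READ, 3 = OPEN_EXISTING
        _handle = CreateFile(path, 0x80000000, 1, IntPtr.Zero, 3, 0, IntPtr.Zero);
        if (_handle.IsInvalid)
            throw new IOException("CreateFile failed", Marshal.GetHRForLastWin32Error());
    }
    public int FooRead(byte[] buffer)
    {
        uint read;
        if (!ReadFile(_handle, buffer, (uint)buffer.Length, out read, IntPtr.Zero))
            throw new IOException("ReadFile failed", Marshal.GetHRForLastWin32Error());
        return (int)read;
    }
    public void Dispose() { _handle.Dispose(); }   // no finalizer needed on this class

    static void Main(string[] args)   // usage: pass the path of an existing file
    {
        using (var fs = new DemoFileStream(args[0]))
            Console.WriteLine(fs.FooRead(new byte[16]) + " bytes read");
    }
}
```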

Some articles mention the handle recycling attack. However, I do not think SafeHandle helps much, because:
1) We are still able to get the int32 value by calling DangerousGetHandle.
2) Handle recycling does not open a door for malicious code. Malicious code comes from elsewhere. When malicious code gets in and is able to call CloseHandle, anything could happen.

 
Cool article:
http://blogs.msdn.com/bclteam/archive/2005/03/16/396900.aspx
