Windows API - Win32
A core set of Windows application programming interfaces (APIs) for desktop and server applications. Previously known as Win32 API.
2,523 questions
Invalid Data From ReadFile Function
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 57.99999999999999%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3END%3C/text%3E%3C/svg%3E)
Nishant Das
1
Reputation point
I have come across some invalid data from the ReadFile method.
Background###
I am one of the maintainers of the following golang project:
https://github.com/prysmaticlabs/prysm
Recently one of our users running on windows 10 came across an interesting crash. 
Initially we assumed that it might have been a bug in the application, however upon examining the code and the
accompanying stack trace that possibility seemed much less likely. The panic happened in a core library of the go language.
https://golang.google.cn/pkg/bufio/
This library is used for mostly i/o operations and at the time that the panic was hit, it was reading from a network socket. The panic appeared on this line:
https://golang.google.cn/src/bufio/bufio.go#L238
If you look at the code, given the underlying reader is providing accurate information the panic shouldn't be possible at all. The underlying reader being an active TCP connection would lead to here:
https://golang.org/src/internal/poll/fd_windows.go#L408
https://golang.org/src/syscall/syscall_windows.go#369
https://golang.org/src/syscall/zsyscall_windows.go#1001
Underlying Method: https://golang.org/src/syscall/zsyscall_windows.go#141
Actual call to kernel: https://golang.org/src/runtime/syscall_windows.go#336
Win32Api method:
https://learn.microsoft.com/en-us/windows/win32/api/fileapi/nf-fileapi-readfile
Some more relevant data:
- User had a network outage at around the same time, which seems pretty relevant to the issue and might have triggered the issue. It
appears that their router went offline for a while. - The size of the buffer passed into
ReadFileis 4096, however when the method returnslpNumberOfBytesReadis actually4308.nNumberOfBytesToReadis also set as 4096, so the fact that the number of bytes read is larger than the maximum possible value should be impossible. - User has the following specifications below:
- This has only been observed once, so there is no easy way to reproduce the bug easily. It might be possible to mimic network outages
and try to constantly read from an active tcp connection in order to reproduce the bug. Let me know if any other data would be helpful.
{count} votes
-
Viorel 114.7K Reputation points2021-08-09T14:55:27.577+00:00 Maybe it is not correct to execute unconditionally ‘n += nn’ if there is an error in ReadAtLeast:
nn, err = r.Read(buf[n:]) n += nnIt is not clear if it also executes ‘err = nil’ unexpectedly.
In addition, it seems that err is not always examined after calling Read in different places of bufio.
Also note that 0x10d4 is 4308.
-
Nishant Das 1 Reputation point
2021-08-10T03:16:19.497+00:00 Maybe it is not correct to execute unconditionally ‘n += nn’ if there is an error in ReadAtLeast:
Yeap, definitely something to improve upon. It shouldn't be be continuing on without checking for an error.
In addition, it seems that err is not always examined after calling Read in different places of bufio.
Yeah it could be better here in terms of handling any potential errors and could be more defensive for bad values returned by the underlying reader. But even then, unless its stated somewhere ,
ReadFileshouldn't be able to return4308as a value forlpNumberOfBytesRead. -
Viorel 114.7K Reputation points
2021-08-10T05:38:13.483+00:00 I do not think that ReadFile returned 4308.
-
Nishant Das 1 Reputation point
2021-08-10T06:13:33.507+00:00 The underlying reader used in bufio was an active tcp connection. So I am not sure where else that value could have come from. As far as I am aware the go networking library directly returns the number of bytes read and error from the syscall ( irrespective of the OS). The stacktrace of the panic also marks
nas 0x10d4 .The value of n is only set here
https://golang.google.cn/src/bufio/bufio.go#L227Also would be relevant to mention that for bufio reader only the method
Readis ever called by the application. -
Viorel 114.7K Reputation points
2021-08-10T08:28:14.52+00:00 Do you know which code was executed by b.rd.Read(b.buf)?
-
Nishant Das 1 Reputation point
2021-08-10T10:03:07.287+00:00 For windows it would be this method:
https://golang.org/src/internal/poll/fd_windows.go#L408 -
Viorel 114.7K Reputation points
2021-08-10T14:26:10+00:00 Are you sure that it executes syscall.Read? Maybe it uses syscall.WSARecv, which is for sockets too?
-
Nishant Das 1 Reputation point
2021-08-11T09:25:35.113+00:00 Ah , you do have a point. It does appear likely that it could have executed using
syscall.WSARecvnow that I think of it . In that case, would it be expected that lpNumberOfBytesRecvd would be larger than then size of the buffer ?
https://learn.microsoft.com/en-us/windows/win32/api/winsock2/nf-winsock2-wsarecv -
Viorel 114.7K Reputation points
2021-08-11T15:51:38.573+00:00 I am not sure that such a defect exists for popular ReadFile or WSARecv functions and which was not observed in other circumstances.
Maybe the problem is caused by incorrect parallel usage of objects, so that 'b.w += n' is executed by several threads on the same b.w.
-
Nishant Das 1 Reputation point
2021-08-26T08:21:33.83+00:00 Maybe the problem is caused by incorrect parallel usage of objects, so that 'b.w += n' is executed by several threads on the same b.w.
Access to this should only be single threaded so that scenario seems unlikely, in any case thanks for looking into it. I do not have any more data or additional reports on this so I have reached a dead end.
Sign in to comment