SQL CE 4.0 Private Deployment - Access violation

  • Wednesday, February 15, 2012 6:36 PM
     
     
     

    Hi,

    We are using SQL CE 4.0 in our application and have observed an Access Violation exception occurring frequently on Windows 2003 32-bit as well as Windows 2008 R2 64-bit.

    On dump analysis, it is observed that the managed heap is corrupted by an unmanaged code block of wintrust.dll. The call stack is given below:

    0000000010a5c260 00000000779ff857 kernel32!LocalBaseRegOpenKey+0x276, calling kernel32!_security_check_cookie
    0000000010a5c390 0000000077b4fe48 ntdll!KiUserExceptionDispatcher+0x2e, calling ntdll!RtlDispatchException
    000007fefdb1227b 000007fefdb12c3c wintrust!SoftpubInitialize+0xf0 ====> Exception cxr@0000000010a5c890
    0000000010a5c418 0000000010a5cd00 0000000010a5cd00, calling 0000000010a5d4fe
    0000000010a5c770 0000000077b4cef4 ntdll!RtlAllocateHeap+0x17e, calling ntdll!memset
    0000000010a5c920 000007fefdb1227b wintrust!operator new+0xb, calling wintrust!PkiAlloc
    0000000010a5c950 000007fefdb12309 wintrust!WVTNew+0xd, calling wintrust!operator new
    0000000010a5c980 000007fefdb12c3c wintrust!SoftpubInitialize+0xf0, calling wintrust!memset
    0000000010a5c9a0 000007fefdb12369 wintrust!SoftpubLoadMessage+0x5d, calling wintrust!_SetSubjectInfo
    0000000010A5CCE0 000007FF0393AFDD xxx_Common!DomainBoundILStubClass.IL_STUB_PInvoke+0x393afde
    0000000010A5CE50 000007FF0393B202 System_Data_SqlServerCe!System.Data.SqlServerCe.WinTrust.VerifyEmbeddedSignature(System.String)+0x92
    0000000010A5CEC0 000007FF0393A1E6 System_Data_SqlServerCe!System.Data.SqlServerCe.NativeMethods.ValidateCRT(System.String)+0xe6
    0000000010A5CF50 000007FF03938C9F System_Data_SqlServerCe!System.Data.SqlServerCe.NativeMethods.LoadValidLibrary(System.String)+0x12f
    0000000010A5CFE0 000007FF03938A18 System_Data_SqlServerCe!System.Data.SqlServerCe.NativeMethods.LoadNativeBinariesFromPrivateFolder(System.String)+0x28
    0000000010A5D020 000007FF03938819 System_Data_SqlServerCe!System.Data.SqlServerCe.NativeMethods.LoadNativeBinaries()+0xf9
    0000000010A5D080 000007FF039385C0 System_Data_SqlServerCe!System.Data.SqlServerCe.SqlCeConnection..ctor()+0x30
    0000000010A5D0D0 000007FF03938544 System_Data_SqlServerCe!System.Data.SqlServerCe.SqlCeConnection..ctor(System.String)+0x14
    0000000010A5D110 000007FF03937FCA xxx_HostDataCache!Unknown+0x4a

    Here is a code snippet of the SQL CE WinTrust class calling unmanaged code, to highlight the issue:

    [SecurityCritical, SecurityPermission(SecurityAction.Assert, UnmanagedCode=true)]
    public bool VerifyEmbeddedSignature(string filePath)
    {
        WinTrustData pWVTData = new WinTrustData(filePath);
        Guid pgActionID = new Guid("{00AAC56B-CD44-11D0-8CC2-00C04FC295EE}");
        return (this.WinVerifyTrust(this.INVALID_HANDLE_VALUE, pgActionID, pWVTData) == WinVerifyTrustResult.Success);
    }

    [SecurityCritical]
    public WinTrustData(string _fileName)
    {
        this.structSize = (uint) Marshal.SizeOf(typeof(WinTrust.WinTrustData));
        this.policyCallbackData = IntPtr.Zero;
        this.SIPClientData = IntPtr.Zero;
        this.UIChoice = WinTrust.WinTrustDataUIChoice.None;
        this.unionChoice = WinTrust.WinTrustDataChoice.File;
        this.stateData = IntPtr.Zero;
        this.provFlags = WinTrust.WinTrustDataProvFlags.SaferFlag;
        WinTrust.WinTrustFileInfo structure = new WinTrust.WinTrustFileInfo(_fileName);
        this.fileInfoPtr = Marshal.AllocCoTaskMem(Marshal.SizeOf(typeof(WinTrust.WinTrustFileInfo)));
        Marshal.StructureToPtr(structure, this.fileInfoPtr, false);
    }

    private delegate_WinVerifyTrust WinVerifyTrust;

    [SecurityCritical]
    internal WinTrust()
    {
        this.INVALID_HANDLE_VALUE = new IntPtr(-1);
        StringBuilder lpBuffer = new StringBuilder();
        GetSystemDirectory(lpBuffer, 0x100);
        string fileName = Path.Combine(lpBuffer.ToString(), "wintrust.dll");
        this.winTrustModuleHelper = new UnmanagedLibraryHelper(fileName);
        this.WinVerifyTrust = this.winTrustModuleHelper.GetUnmanagedFunction<delegate_WinVerifyTrust>("WinVerifyTrust");
    }

    I have a query based on the above inputs and analysis: is Wintrust really causing the Access Violation exception?

    Is the red-colored parameter, pWVTData, not pinned/marshaled? The contents of the structure are getting changed, which is corrupting the managed heap.

    Request you to provide input on getting towards the solution/resolution.

All Replies

  • Thursday, February 16, 2012 9:13 AM
    Moderator
     
     Answered
  • Monday, May 14, 2012 6:33 AM
     
     

    I get the same error and unfortunately the link recommended on this page does not really cover my scenario.

    I have an application which opens a SQLCE db & entities connection within the main program thread. Individual processes are run in separate appdomains, and it is when attempting to open a SQL CE connection in one of the new appdomains that I get the AccessViolationException. The same method is used (shown below) to open the connection in the main appdomain and child appdomains. It is fairly easy to replicate but is not guaranteed to happen every time.

    Below are the details of the error and my code.  Any help would be greatly appreciated.

    Error stack:
    ==============
    Framework Version: v4.0.30319
    Description: The process was terminated due to an unhandled exception.
    Exception Info: System.AccessViolationException
    Stack:
       at System.Data.SqlServerCe.WinTrust.VerifyEmbeddedSignature(System.String)
       at System.Data.SqlServerCe.NativeMethods.ValidateCRT(System.String)
       at System.Data.SqlServerCe.NativeMethods.LoadValidLibrary(System.String)
       at System.Data.SqlServerCe.NativeMethods.LoadNativeBinariesFromPrivateFolder(System.String)
       at System.Data.SqlServerCe.NativeMethods.LoadNativeBinaries()
       at System.Data.SqlServerCe.SqlCeConnection..ctor()
       at System.Data.SqlServerCe.SqlCeProviderFactory.CreateConnection()
       at System.Data.EntityClient.EntityConnection.GetStoreConnection(System.Data.Common.DbProviderFactory)
       at System.Data.EntityClient.EntityConnection.ChangeConnectionString(System.String)


    Here is the code which causes the error, but which also works much of the time.
    ===============================================================================
    private static EntityConnection GetConnection()
    {
                string providerName = "System.Data.SqlServerCe.4.0";
                //string serverName = ".";

                // Initialize the connection string builder for the
                // underlying provider.
                SqlCeConnectionStringBuilder sqlBuilder =
                new SqlCeConnectionStringBuilder();

                // Set the properties for the data source.
                sqlBuilder.DataSource = GetDatabasePath();

                // Build the SqlConnection connection string.
                string providerString = sqlBuilder.ToString();

                // Initialize the EntityConnectionStringBuilder.
                EntityConnectionStringBuilder entityBuilder =
                new EntityConnectionStringBuilder();

                //Set the provider name.
                entityBuilder.Provider = providerName;

                // Set the provider-specific connection string.
                entityBuilder.ProviderConnectionString = providerString;

                // Set the Metadata location.
                entityBuilder.Metadata = @"res://*/AppData.csdl|
                                        res://*/AppData.ssdl|
                                        res://*/AppData.msl";

                EntityConnection conn = new EntityConnection(entityBuilder.ToString());
                return conn;

    }