Skip to content

Use GCPROTECT_BEGININTERIOR to protect pointers into arrays during array marshalling #123688

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
jkoritzinsky wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Use GCPROTECT_BEGININTERIOR to protect pointers into arrays during array marshalling #123688

jkoritzinsky wants to merge 1 commit into from
+155 −212

Conversation

@jkoritzinsky
Copy link
Member

@jkoritzinsky jkoritzinsky commented Jan 27, 2026

Fixes #123271
Fixes #123269
Fixes #121690

Failures introduced by #121362 where we changed the string->BSTR array marshalling to call back into managed code. This introduces a transition where the code was not expecting one where GC can trigger.

Update the BSTR marshalling to use GCPROTECT_BEGININTERIOR to ensure that our pointer into the managed array is updated by the GC.

A bunch of this code used various different patterns (manually adjusting offsets after a GC if one occurred, recalculating the offset into the array's data each iteration) instead of using GCPROTECT_BEGININTERIOR. This PR adjusts all of the marshallers where GC could possibly occur (any sort of managed or possibly managed marshalling) to all use GCPROTECT_BEGININTERIOR.

Copilot AI review requested due to automatic review settings January 27, 2026 21:26
@dotnet-policy-service
Copy link
Contributor

dotnet-policy-service bot commented Jan 27, 2026

Tagging subscribers to this area: @dotnet/interop-contrib
See info in area-owners.md if you want to be subscribed.

Copilot AI reviewed Jan 27, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes GC-related crashes in COM interop array marshalling by properly protecting interior pointers into managed arrays using GCPROTECT_BEGININTERIOR. The failures were introduced by PR #121362 which moved BSTR trailbyte tracking out of the sync block, causing transitions to managed code that could trigger GC during array marshalling.

Changes:

  • Replaced manual pointer recalculation logic with GCPROTECT_BEGININTERIOR protection
  • Updated 10 array marshalling functions to protect interior pointers during GC-triggering operations
  • Removed obsolete "unprotected array" tracking code that manually checked if arrays moved

@jkoritzinsky jkoritzinsky force-pushed the bstr-marshaller-gcprotect branch from 62e5641 to cdc3bcc Compare January 27, 2026 23:03
jkotas
jkotas approved these changes Jan 28, 2026
View reviewed changes
Copy link
Member

@jkotas jkotas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My guess is that indexing from protected base would be a tiny bit cheaper than GC protected interior pointer (avoids stacks spills, multiplication is cheap). It does not really matter.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@jkotas jkotas jkotas approved these changes

@AaronRobinsonMSFT AaronRobinsonMSFT Awaiting requested review from AaronRobinsonMSFT

Assignees

@jkoritzinsky jkoritzinsky

Labels

area-Interop-coreclr

Projects

AppModel
Status: No status

Milestone

No milestone

2 participants

@jkoritzinsky @jkotas