Search code examples
c#.netmonosystem.drawing

Isolating unmanaged crashes under Mono

We have a Mono application under Linux that does image processing on a bunch of files.

For this we (among other things) use System.Drawing, and for the most part it serves us well. Occasionally however, we encounter an image that crashes the application - it is a crash in a native call, and this is immune to try catch. Simplified, a call like

System.Drawing.Image.FromFile(imagePath);

will cause a crash. The error message looks something like this:

at (wrapper managed-to-native) System.Drawing.GDIPlus.GdipLoadImageFromFile (string,intptr&) <0xffffffff>

This pulls the whole application down instantly.

We have encountered a few instances that this happens - corrupt GIF files, unexpected headers in TIFF files - to name a few. As we don't have control over the source of the images, we will just have to deal with possible crashes.

The question: I would like to isolate the places where we use GDI+ (through System.Drawing) on untrusted files so that it can happily crash without killing the whole application.

I have attempted this through using separate application domains, but I just can't stop the crashes. It is probable that I am doing it wrong!

Some detail: openSUSE 11.4 (x86_64), Mono version 2.10.2, libgdiplus0 (package) 2.10-30.2, libtiff3 (package) 3.9.4-3.7.1

Please note that the specific issues we experienced was promptly fixed - see comments below. The question still remains though.

I would have liked to somehow isolate a part of the program so that it does not pull the whole thing down - but I fear the only answer is to call a external process as noted in the answer below. I'll leave this as is for a while and then accept that answer!

Solution

  • Ok, with some measure of naivety here because I don't know much about Linux... AppDomains (in Windows anyway) reside in the same process. Try separating out the problematic code into another process, using command lines or some communication mechanism like IPC so that if it crashes, it doesn't bring down the main process, just the child.

    Although I've never had an uncatchable exception causing my problems in the past, it sounds like the main process is being killed, which is a layer below the AppDomain idea you said you tried.

    Translate to Linuxese where necessary... sorry I can't be more specific.