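We have a WinForms AnyCPU application in which a vendor library control occasionally throws the following exception on 64-bit user machines running multiple monitors: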
System.OverflowException: Arithmetic operation resulted in an overflow.
at VendorLibraryName.VendorControl.WndProc(Message& m)
at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
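I looked at the vendor library control's WndProc handler, and the only code that looks like it could produce an overflow is this (comments mine; this is decompiled):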
switch (msg)
{
case 132: // NCHITTEST
case 672: // NCMOUSEHOVER
// Technically dangerous: convert IntPtr to Int32 in a 64-bit process.
// However, note that for these message codes,
// LParam represents a "packed" x and y screen-coordinate.
// Given my understanding of how this packing occurs, I can't think
// of how to construct an LParam such that it would overflow an Int32.
SomeMethod(x: (int)m.LParam & 65535, y: (int)m.LParam >> 16);
// More code...
Here is the actual IL for the conversion and bit twiddling:
IL_0092: ldarg.1
IL_0093: call instance native int [System.Windows.Forms]System.Windows.Forms.Message::get_LParam()
// As far as I can tell, this is the only instruction on which overflow could occur
IL_0098: call int32 [mscorlib]System.IntPtr::op_Explicit(native int)
IL_009d: ldc.i4 65535
IL_00a2: and
IL_00a3: ldarg.1
// Same thing here...
IL_00a4: call instance native int [System.Windows.Forms]System.Windows.Forms.Message::get_LParam()
IL_00a9: call int32 [mscorlib]System.IntPtr::op_Explicit(native int)
IL_00ae: ldc.i4.s 16
IL_00b0: shr
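Clearly, this routine looks prone to overflow problems because it converts Message.LParam (an IntPtr) to Int32 in a 64-bit process. In fact, the routine is wrong as written, since it does not handle negative coordinates correctly; it looks like an incorrect port of the Windows GET_X_LPARAM and GET_Y_LPARAM macros to C#.
However, I can't see how to construct an LParam for NCHITTEST / NCMOUSEHOVER that would actually fall outside the range of Int32. (I believe the low 16 bits consist of the signed 16-bit X coordinate and the remaining bits consist of the sign-extended 16-bit Y coordinate. Please correct me if I'm wrong, as this may be a critical misunderstanding.)
I have not been able to reproduce the exception on a development machine with many different monitor configurations and window positions.
What screen coordinates would actually cause the overflow? Or is there some other way this block could cause an overflow?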
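The following is an added example, not part of the original post or the vendor's code: it runs the decompiled extraction next to a port of GET_X_LPARAM / GET_Y_LPARAM on one constructed LParam. Assumptions: the value arrives zero-extended to 64 bits, the way the MAKELPARAM macro builds it (the post does not confirm this); the program runs as a 64-bit process and is compiled for .NET Framework, where the cast becomes the IntPtr.op_Explicit call shown in the IL; all names (LParamDemo, VendorX, MacroX, Pack, ...) are hypothetical.

```csharp
using System;

static class LParamDemo
{
    // The vendor pattern from the decompiled code. On .NET Framework the cast
    // compiles to IntPtr.op_Explicit, which is range-checked in a 64-bit process.
    static int VendorX(IntPtr lParam) { return (int)lParam & 65535; }
    static int VendorY(IntPtr lParam) { return (int)lParam >> 16; }

    // Port of GET_X_LPARAM / GET_Y_LPARAM: read all 64 bits, then truncate
    // without a range check and sign-extend each 16-bit half.
    static int MacroX(IntPtr lParam) { return unchecked((short)lParam.ToInt64()); }
    static int MacroY(IntPtr lParam) { return unchecked((short)(lParam.ToInt64() >> 16)); }

    // Constructed input (assumption): packs x/y as MAKELPARAM does, i.e. as an
    // unsigned 32-bit value that is zero-extended to pointer width.
    static IntPtr Pack(short x, short y)
    {
        uint packed = unchecked((uint)(ushort)x | ((uint)(ushort)y << 16));
        return new IntPtr((long)packed);
    }

    static void Main()
    {
        // Constructed coordinates: a point on a monitor placed above the primary one.
        IntPtr lParam = Pack(100, -50);
        Console.WriteLine("64-bit process: {0}, LParam = 0x{1:X16}",
            Environment.Is64BitProcess, lParam.ToInt64());

        Console.WriteLine("macro port: x={0}, y={1}", MacroX(lParam), MacroY(lParam));

        try
        {
            Console.WriteLine("vendor: x={0}, y={1}", VendorX(lParam), VendorY(lParam));
        }
        catch (OverflowException ex)
        {
            // Reached when bit 31 is set and the upper 32 bits are zero:
            // the 64-bit value is then larger than Int32.MaxValue.
            Console.WriteLine("vendor: " + ex.Message);
        }
    }
}
```

With a sign-extended LParam the vendor cast does not throw, but `& 65535` still returns a negative X as a large positive number.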