Out of memory exception occurs while inspecting certain binaries during BA2004.EnableSecureSourceCodeHashing rule #924

Open
schlaman-ms opened this issue Jun 14, 2023 · 3 comments

schlaman-ms commented Jun 14, 2023

This issue is not BinSkim version specific.

BA2004.EnableSecureSourceCodeHashing inspects the binary and uses low level code that is experiencing an out of memory exception during the P/Invoke call.

  • We are now looking at trying a new version of this low level code to see if it addresses this issue.
  • Here is the code that is failing.

```csharp
IDiaDataSource diaSource = MsdiaComWrapper.GetDiaSource();

try
{
    diaSource.loadDataFromPdb(pdbPath);
}
catch (OutOfMemoryException ex)
{
    // Here is where the problem shows up with the specific binary you have
}
```

andriipatsula commented Jul 14, 2023

We are attempting to configure BinSkim to execute on artifacts generated by the official dotnet build, and I am encountering the same problem when running it on the dotnet/runtime repository (it's a company requirement to scan all binaries we are shipping). Issue: dotnet/arcade-services#2744

Do we have any workarounds for this issue, or is anyone working on solving it?

tkapin commented Jul 19, 2023

@schlaman-ms - enabling BinSkim is a priority for the .NET team. Could you please advise on who would be the best person to help us troubleshoot this issue? Thanks

@shaopeng-gh

Hello, I have checked a few cases of the out-of-memory PDB files users reported; what I saw is that BinSkim is behaving the same as the Microsoft DIA lib we use. BinSkim depends on DIA to load PDB files, and the error "out of memory" is coming from the DIA lib.
Below is one of the earlier analyses:

Using the latest installed VS 2022 DIA SDK Dia2Dump, which is provided by Microsoft, to dump the PDB file from the user gives 8007000E, which is basically the same error as what we see in our BinSkim tool:
image

definition of 8007000E
image
