[Mono-bugs] [Bug 69666][Nor] New - Return value null from custom binder is unchecked

bugzilla-daemon@bugzilla.ximian.com
Thu, 18 Nov 2004 12:42:34 -0500 (EST)


Please do not reply to this email. If you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by peter.troeger@hpi.uni-potsdam.de.

http://bugzilla.ximian.com/show_bug.cgi?id=69666

--- shadow/69666	2004-11-18 12:42:34.000000000 -0500
+++ shadow/69666.tmp.12373	2004-11-18 12:42:34.000000000 -0500
@@ -0,0 +1,76 @@
+Bug#: 69666
+Product: Mono: Class Libraries
+Version: 1.0
+OS: 
+OS Details: Debian Sarge
+Status: NEW   
+Resolution: 
+Severity: 
+Priority: Normal
+Component: System
+AssignedTo: mono-bugs@ximian.com                            
+ReportedBy: peter.troeger@hpi.uni-potsdam.de               
+QAContact: mono-bugs@ximian.com
+TargetMilestone: ---
+URL: 
+Cc: 
+Summary: Return value null from custom binder is unchecked
+
+Description of Problem:
+
+The implementation of a custom deserialization binder may return NULL from
+Type BindToType(string assemblyName,string typeName) if the type can not be
+resolved. 
+private Type GetDeserializationType (long assemblyId, string className) in
+ObjectReader.cs fails to check for null as a return value. As a
+consequence, metadata.Type.IsSerializable crashes, for example in the
+TypeMetadata ReadTypeMetadata (BinaryReader reader, bool isRuntimeObject)
+method.
+
+Steps to reproduce the problem:
+Write a custom deserializer, which returns always null. Assign it to your
+BinaryFormatter object before calling Deserialize(). Watch the
+NullReferenceException in your application.
+
+Actual Results:
+
+Server stack trace:
+in [0x0011c] (at
+/home/ingo/mcs-1.0.2/class/corlib/System.Runtime.Serialization.Formatters.Binary/ObjectReader.cs:437)
+System.Runtime.Serialization.Formatters.Binary.ObjectReader:ReadTypeMetadata
+(System.IO.BinaryReader,bool)
+in [0x0000c] (at
+/home/ingo/mcs-1.0.2/class/corlib/System.Runtime.Serialization.Formatters.Binary/ObjectReader.cs:230)
+System.Runtime.Serialization.Formatters.Binary.ObjectReader:ReadObjectInstance
+(System.IO.BinaryReader,bool,long&,object&,System.Runtime.Serialization.SerializationInfo&)
+in [0x0007e] (at
+/home/ingo/mcs-1.0.2/class/corlib/System.Runtime.Serialization.Formatters.Binary/ObjectReader.cs:156)
+System.Runtime.Serialization.Formatters.Binary.ObjectReader:ReadObject
+(System.Runtime.Serialization.Formatters.Binary.BinaryElement,System.IO.BinaryReader,long&,object&,System.Runtime.Serialization.SerializationInfo&)
+in [0x000ea] (at
+/home/ingo/mcs-1.0.2/class/corlib/System.Runtime.Serialization.Formatters.Binary/ObjectReader.cs:184)
+System.Runtime.Serialization.Formatters.Binary.ObjectReader:ReadObject
+(System.Runtime.Serialization.Formatters.Binary.BinaryElement,System.IO.BinaryReader,long&,object&,System.Runtime.Serialization.SerializationInfo&)
+in [0x00034] (at
+/home/ingo/mcs-1.0.2/class/corlib/System.Runtime.Serialization.Formatters.Binary/ObjectReader.cs:124)
+System.Runtime.Serialization.Formatters.Binary.ObjectReader:ReadNextObject
+(System.IO.BinaryReader)
+in [0x00045] (at
+/home/ingo/mcs-1.0.2/class/corlib/System.Runtime.Serialization.Formatters.Binary/ObjectReader.cs:105)
+System.Runtime.Serialization.Formatters.Binary.ObjectReader:ReadObjectGraph
+(System.IO.BinaryReader,bool,object&,System.Runtime.Remoting.Messaging.Header[]&)
+in [0x0007f] (at
+/home/ingo/mcs-1.0.2/class/corlib/System.Runtime.Serialization.Formatters.Binary/BinaryFormatter.cs:163)
+System.Runtime.Serialization.Formatters.Binary.BinaryFormatter:Deserialize
+(System.IO.Stream,System.Runtime.Remoting.Messaging.HeaderHandler)
+in [0x00003] (at
+/home/ingo/mcs-1.0.2/class/corlib/System.Runtime.Serialization.Formatters.Binary/BinaryFormatter.cs:127)
+System.Runtime.Serialization.Formatters.Binary.BinaryFormatter:Deserialize
+(System.IO.Stream)
+in [0x000d7] (at
+/home/fb6/troeger/prog/migration04/MigrationLib/MigrantEnv.cs:89)
+MigrationLib.MigrantEnv:FinishDeserialize ()
+
+Expected Results:
+
+This may throw SerializationException with a proper description.
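
Review bot: The "Steps to reproduce" paragraph says "custom deserializer", while the summary and description are about a custom binder whose BindToType(string assemblyName, string typeName) returns null; naming the binder there and attaching the few lines that assign it to the BinaryFormatter would let the report be reproduced without guessing. The description already locates the fix: GetDeserializationType in ObjectReader.cs should check the binder's return value and throw the SerializationException requested under "Expected Results", ideally naming the assembly and type that could not be bound, before ReadTypeMetadata dereferences metadata.Type at ObjectReader.cs:437. The Severity field is empty; because the trace starts at BinaryFormatter.Deserialize(System.IO.Stream), a caller that handles only SerializationException will not catch this NullReferenceException, and the report should say so.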