[Mono-bugs] [Bug 74549][Maj] New - Segfault (stack overflow) when a class references itself

bugzilla-daemon@bugzilla.ximian.com bugzilla-daemon@bugzilla.ximian.com
Sat, 9 Apr 2005 09:15:55 -0400 (EDT)


Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by max@duempel.org.

http://bugzilla.ximian.com/show_bug.cgi?id=74549

--- shadow/74549	2005-04-09 09:15:55.000000000 -0400
+++ shadow/74549.tmp.21635	2005-04-09 09:15:55.000000000 -0400
@@ -0,0 +1,122 @@
+Bug#: 74549
+Product: Mono: Runtime
+Version: 1.1
+OS: 
+OS Details: Debian Sid AMD64, Kernel 2.6.11.7, Mono 1.1.5/1.1.6
+Status: NEW   
+Resolution: 
+Severity: 
+Priority: Major
+Component: misc
+AssignedTo: mono-bugs@ximian.com                            
+ReportedBy: max@duempel.org               
+QAContact: mono-bugs@ximian.com
+TargetMilestone: ---
+URL: 
+Cc: 
+Summary: Segfault (stack overflow) when a class references itself
+
+Description of Problem:
+
+The Mono class loader segfaults when a class contains properties
+referencing the class itself in a two dimensional array. It goes into
+endless recursion, because it wants to fully load the property's class to
+compute the parent's class layout. This leads to Mono beginning again at
+this type -> endless recursion, stack overflow, segmentation fault.
+
+Steps to reproduce the problem:
+
+public class Foo {
+	private static Foo[][] foo;
+	public static void Main( string[] args ) {
+	}
+}
+
+
+Actual Results:
+
+Segmentation fault because of stack overflow (endless recursion).
+
+How often does this happen? 
+
+Every time. Easily reproducible.
+
+Additional Information:
+
+Bug is present on Mono 1.1.5 and 1.1.6. The older versions 1.1.4 and 1.1.3
+do not have this bug.
+
+beginning of a stack trace:
+
+#0  mono_metadata_parse_typedef_or_ref (m=0x2a955dedcf, ptr=Cannot access
+memory at address 0x7fbf7ffff8
+) at metadata.c:1054
+#1  0x0000000000486568 in do_mono_metadata_parse_type (type=0x7fbf800090,
+m=0x6aae40, generic_context=0x0, 
+    ptr=0x2a955dedcf "\202\t", rptr=0x7fbf800080) at metadata.c:1864
+#2  0x00000000004867e8 in mono_metadata_parse_type_full (m=0x6aae40,
+generic_context=0x0, mode=MONO_PARSE_MOD_TYPE, 
+    opt_attrs=0, ptr=0x2a955dedce "\022\202\t", rptr=0x7fbf8000f0) at
+metadata.c:1385
+#3  0x00000000004865d5 in do_mono_metadata_parse_type (type=0x7fbf800160,
+m=0x6aae40, generic_context=0x0, 
+    ptr=0x2a955dedce "\022\202\t", rptr=0x7fbf800150) at metadata.c:1869
+#4  0x00000000004867e8 in mono_metadata_parse_type_full (m=0x6aae40,
+generic_context=0x0, mode=MONO_PARSE_MOD_TYPE, 
+    opt_attrs=0, ptr=0x2a955dedcd "\035\022\202\t", rptr=0x7fbf8001c0) at
+metadata.c:1385
+#5  0x00000000004865d5 in do_mono_metadata_parse_type (type=0x7fbf800230,
+m=0x6aae40, generic_context=0x0, 
+    ptr=0x2a955dedcd "\035\022\202\t", rptr=0x7fbf800220) at metadata.c:1869
+#6  0x00000000004867e8 in mono_metadata_parse_type_full (m=0x6aae40,
+generic_context=0x0, mode=MONO_PARSE_FIELD, 
+    opt_attrs=17, ptr=0x2a955dedcc "\035\035\022\202\t",
+rptr=0x7fbf8002a0) at metadata.c:1385
+#7  0x0000000000490275 in class_compute_field_layout (class=0x98f560) at
+class.c:598
+#8  0x000000000049099e in mono_bounded_array_class_get (eclass=0x98f560,
+rank=1, bounded=0) at class.c:2648
+#9  0x00000000004865e0 in do_mono_metadata_parse_type (type=0x7fbf8003e0,
+m=0x6aae40, generic_context=0x0, 
+    ptr=0x2a955dedd1 "\t", rptr=0x7fbf8003d0) at metadata.c:1870
+#10 0x00000000004867e8 in mono_metadata_parse_type_full (m=0x6aae40,
+generic_context=0x0, mode=MONO_PARSE_FIELD, 
+    opt_attrs=17, ptr=0x2a955dedcc "\035\035\022\202\t",
+rptr=0x7fbf800450) at metadata.c:1385
+#11 0x0000000000490275 in class_compute_field_layout (class=0x98f560) at
+class.c:598
+#12 0x000000000049099e in mono_bounded_array_class_get (eclass=0x98f560,
+rank=1, bounded=0) at class.c:2648
+#13 0x00000000004865e0 in do_mono_metadata_parse_type (type=0x7fbf800590,
+m=0x6aae40, generic_context=0x0, 
+    ptr=0x2a955dedd1 "\t", rptr=0x7fbf800580) at metadata.c:1870
+#14 0x00000000004867e8 in mono_metadata_parse_type_full (m=0x6aae40,
+generic_context=0x0, mode=MONO_PARSE_FIELD, 
+    opt_attrs=17, ptr=0x2a955dedcc "\035\035\022\202\t",
+rptr=0x7fbf800600) at metadata.c:1385
+#15 0x0000000000490275 in class_compute_field_layout (class=0x98f560) at
+class.c:598
+#16 0x000000000049099e in mono_bounded_array_class_get (eclass=0x98f560,
+rank=1, bounded=0) at class.c:2648
+#17 0x00000000004865e0 in do_mono_metadata_parse_type (type=0x7fbf800740,
+m=0x6aae40, generic_context=0x0, 
+    ptr=0x2a955dedd1 "\t", rptr=0x7fbf800730) at metadata.c:1870
+#18 0x00000000004867e8 in mono_metadata_parse_type_full (m=0x6aae40,
+generic_context=0x0, mode=MONO_PARSE_FIELD, 
+    opt_attrs=17, ptr=0x2a955dedcc "\035\035\022\202\t",
+rptr=0x7fbf8007b0) at metadata.c:1385
+#19 0x0000000000490275 in class_compute_field_layout (class=0x98f560) at
+class.c:598
+#20 0x000000000049099e in mono_bounded_array_class_get (eclass=0x98f560,
+rank=1, bounded=0) at class.c:2648
+#21 0x00000000004865e0 in do_mono_metadata_parse_type (type=0x7fbf8008f0,
+m=0x6aae40, generic_context=0x0, 
+    ptr=0x2a955dedd1 "\t", rptr=0x7fbf8008e0) at metadata.c:1870
+#22 0x00000000004867e8 in mono_metadata_parse_type_full (m=0x6aae40,
+generic_context=0x0, mode=MONO_PARSE_FIELD, 
+    opt_attrs=17, ptr=0x2a955dedcc "\035\035\022\202\t",
+rptr=0x7fbf800960) at metadata.c:1385
+#23 0x0000000000490275 in class_compute_field_layout (class=0x98f560) at
+class.c:598
+#24 0x000000000049099e in mono_bounded_array_class_get (eclass=0x98f560,
+rank=1, bounded=0) at class.c:2648
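Review bot: the description and the test case disagree about what is being declared: the text says the class "contains properties referencing the class itself in a two dimensional array", but the repro declares `private static Foo[][] foo;`, a jagged array (a rank-1 array of rank-1 arrays) in a static field, and the trace bears that out with `mono_bounded_array_class_get (eclass=0x98f560, rank=1, bounded=0)` on every turn of the loop; suggest rewording the description to "a static field of jagged array type" so nobody reproduces or fixes this against a rectangular `Foo[,]` and concludes it is not reproducible. The trace also localizes the cycle: frame #8 `mono_bounded_array_class_get` at class.c:2648 calls `class_compute_field_layout (class=0x98f560)` on the element class (frame #7), whose field signature parse at metadata.c:1870 (frame #9) asks for the array class of that same element class again, with the same `ptr=0x2a955dedcc` and the same `class=0x98f560` recurring in frames #7, #11, #15, #19 and #23; worth stating that explicitly in the report, since it shows the loader has no guard against computing a class's field layout while that class's own field types are still being parsed, which is where a fix or a regression test for the 1.1.4 to 1.1.5 change should look.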