[Mono-bugs] [Bug 77288][Min] New - mono_metadata_signature_dup memory overread

bugzilla-daemon at bugzilla.ximian.com
Tue Jan 17 13:45:15 EST 2006

Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by aras at otee.dk.


--- shadow/77288	2006-01-17 13:45:15.000000000 -0500
+++ shadow/77288.tmp.3008	2006-01-17 13:45:15.000000000 -0500
@@ -0,0 +1,29 @@
+Bug#: 77288
+Product: Mono: Runtime
+Version: 1.1
+OS: All
+OS Details: 
+Status: NEW   
+Priority: Minor
+Component: misc
+AssignedTo: mono-bugs at ximian.com                            
+ReportedBy: aras at otee.dk               
+QAContact: mono-bugs at ximian.com
+TargetMilestone: ---
+Summary: mono_metadata_signature_dup memory overread
+When using a compiler where MONO_ZERO_LEN_ARRAY is not zero (e.g. msvc),
+mono_metadata_signature_dup can segfault because it tries to copy more
+bytes than are actually present in MonoMethodSignature. This behavior is
+present in release.
+The fix is changing
+  sig->param_count
+inside mono_metadata_signature_dup to
+  (sig->param_count-MONO_ZERO_LEN_ARRAY)
+Attached a diff file for mono/metadata/metadata.c
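
Review bot: The replacement expression given in the description, `(sig->param_count-MONO_ZERO_LEN_ARRAY)`, is below zero whenever param_count is smaller than a non-zero MONO_ZERO_LEN_ARRAY (a signature with no parameters, for instance), so the size computation it feeds should do the subtraction in a type that cannot wrap before it is turned into a byte count. The description names only the copy as reading too far; it would help to say whether the allocation in mono_metadata_signature_dup uses the same size, and to compute that size once and use it for both so the two cannot diverge. The diff for mono/metadata/metadata.c is mentioned as attached but is not included in this message, so the exact changed line cannot be checked from here.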
