[Mono-bugs] [Bug 78941][Min] New - System.Collections.Queue can be made to throw IndexOutOfRangeException

Mon Jul 24 17:07:43 EDT 2006

Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by benlutz at datacomm.ch.

http://bugzilla.ximian.com/show_bug.cgi?id=78941

--- shadow/78941	2006-07-24 17:07:43.000000000 -0400
+++ shadow/78941.tmp.1608	2006-07-24 17:07:43.000000000 -0400
@@ -0,0 +1,80 @@
+Bug#: 78941
+Product: Mono: Class Libraries
+Version: 1.1
+OS: All
+OS Details: 
+Status: NEW   
+Resolution: 
+Severity: 
+Priority: Minor
+Component: CORLIB
+AssignedTo: mono-bugs at ximian.com                            
+ReportedBy: benlutz at datacomm.ch               
+QAContact: mono-bugs at ximian.com
+TargetMilestone: ---
+URL: 
+Cc: 
+Summary: System.Collections.Queue can be made to throw IndexOutOfRangeException
+
+Description of Problem:
+
+Under certain circumstances, System.Collections.Queue can be made to throw
+an IndexOutOfRangeException.
+
+It is possible for _tail to have a value of _array.Length when calling
+Enqueue(), but _size being unequal to _array.Length. When _array[_tail] is
+accessed, an unhandled IndexOutOfRangeException is thrown.
+
+Steps to reproduce the problem:
+-----
+using System;
+using System.Collections;
+
+class MonoQueueTest {
+    static void Main(string[] args) {
+        Queue queue = new Queue(32, 1.0F);
+        int i;
+
+        for (i = 0; i < 31; i++) {
+            queue.Enqueue(null);
+        }
+
+        queue.TrimToSize();
+        queue.Dequeue();
+        queue.Enqueue(null);
+    }
+}
+-----
+
+
+Actual Results:
+Unhandled Exception: System.IndexOutOfRangeException: Index was outside 
+the bounds of the array.
+Exit code = 77.
+
+
+Expected Results:
+No output, Exit code = 0.
+
+
+Proposed Patch:
+
+The following patch simply switches two lines.
+
+----------
+--- Queue.cs.orig	2006-07-24 22:03:14.000000000 +0200
++++ Queue.cs	2006-07-24 22:03:26.000000000 +0200
+@@ -175,9 +175,9 @@
+ 		public virtual void Enqueue (object obj) {
+ 			_version++;
+ 			if (_size == _array.Length) 
+-				grow ();
+-			_array[_tail] = obj;
+-            _tail = (_tail + 1) % _array.Length;
++				grow ();
++            _tail = (_tail + 1) % _array.Length;
++            _array[_tail] = obj;
+ 			_size++;
+ 
+ 		}
+----------
