[Mono-bugs] [Bug 515938] New: [SRE] Mono crashes instead of NEW when emitting wrong attribute arguments

bugzilla_noreply at novell.com bugzilla_noreply at novell.com
Wed Jun 24 05:12:55 EDT 2009 

http://bugzilla.novell.com/show_bug.cgi?id=515938


           Summary: [SRE] Mono crashes instead of NEW when emitting wrong
                    attribute arguments
    Classification: Mono
           Product: Mono: Runtime
           Version: unspecified
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: misc
        AssignedTo: mono-bugs at lists.ximian.com
        ReportedBy: msafar at novell.com
         QAContact: mono-bugs at lists.ximian.com
          Found By: ---


using System;
using System.Threading;
using System.Reflection;
using System.Reflection.Emit;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;

class C
{
    [AttributeUsage(AttributeTargets.Method | AttributeTargets.Field |
AttributeTargets.Class)]
    public class CustomAttribute: Attribute
    {
        public CustomAttribute (bool b) {}
    }

    public static void Main ()
    {
        ConstructorInfo classCtorInfo = 
            typeof (CustomAttribute).GetConstructor (new [] { typeof (bool) });

        CustomAttributeBuilder typeCABuilder = new CustomAttributeBuilder (
            classCtorInfo, new object [] { null });

    }
}


When executed

Stacktrace:

  at (wrapper managed-to-native)
System.Reflection.Emit.CustomAttributeBuilder.GetBlob
(System.Reflection.Assembly,System.Reflection.ConstructorInfo,object[],System.Reflection.PropertyInfo[],object[],System.Reflection.FieldInfo[],object[])
<0x00004>
  at (wrapper managed-to-native)
System.Reflection.Emit.CustomAttributeBuilder.GetBlob
(System.Reflection.Assembly,System.Reflection.ConstructorInfo,object[],System.Reflection.PropertyInfo[],object[],System.Reflection.FieldInfo[],object[])
<0xffffffff>
  at System.Reflection.Emit.CustomAttributeBuilder.Initialize
(System.Reflection.ConstructorInfo,object[],System.Reflection.PropertyInfo[],object[],System.Reflection.FieldInfo[],object[])
<0x005b0>
  at System.Reflection.Emit.CustomAttributeBuilder..ctor
(System.Reflection.ConstructorInfo,object[]) <0x0007c>
  at C.Main () <0x00084>
  at (wrapper runtime-invoke) object.runtime_invoke_void
(object,intptr,intptr,intptr) <0xffffffff>

Native stacktrace:

    mono [0x80d4fa2]
    mono [0x80ffd8b]
    [0xb80d7410]
    mono(mono_reflection_get_custom_attrs_blob+0xed) [0x8178a5d]
    [0xb7256377]
    [0xb72557f9]
    [0xb7255235]
    [0xb725430d]
    [0xb72541fa]
    mono(mono_runtime_exec_main+0xe5) [0x8127635]
    mono(mono_runtime_run_main+0x16b) [0x8127ddb]
    mono(mono_main+0x191a) [0x80b61aa]
    mono [0x805b481]
    /lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xe5) [0xb7e65775]
    mono [0x805b3b1]

Debug info from gdb:

Cannot access memory at address 0x8
[Thread debugging using libthread_db enabled]
[New Thread 0xb7e1b6f0 (LWP 12160)]
[New Thread 0xb6e59b90 (LWP 12163)]
[New Thread 0xb80c3b90 (LWP 12162)]
[New Thread 0xb7ce0b90 (LWP 12161)]
0xb80d7430 in __kernel_vsyscall ()
  4 Thread 0xb7ce0b90 (LWP 12161)  0xb80d7430 in __kernel_vsyscall ()
  3 Thread 0xb80c3b90 (LWP 12162)  0xb80d7430 in __kernel_vsyscall ()
  2 Thread 0xb6e59b90 (LWP 12163)  0xb80d7430 in __kernel_vsyscall ()
  1 Thread 0xb7e1b6f0 (LWP 12160)  0xb80d7430 in __kernel_vsyscall ()

Thread 4 (Thread 0xb7ce0b90 (LWP 12161)):
#0  0xb80d7430 in __kernel_vsyscall ()
#1  0xb7fe20e5 in pthread_cond_wait@@GLIBC_2.3.2 ()
   from /lib/tls/i686/cmov/libpthread.so.0
#2  0x081dd6dd in GC_wait_marker () at pthread_support.c:1777
#3  0x081d6687 in GC_help_marker (my_mark_no=2) at mark.c:1116
#4  0x081dc4c1 in GC_mark_thread (id=0x0) at pthread_support.c:548
#5  0xb7fde4ff in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#6  0xb7f3349e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 3 (Thread 0xb80c3b90 (LWP 12162)):
#0  0xb80d7430 in __kernel_vsyscall ()
#1  0xb7fe58f6 in nanosleep () from /lib/tls/i686/cmov/libpthread.so.0
#2  0x081ad158 in collection_thread (unused=0x0) at collection.c:34
#3  0xb7fde4ff in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#4  0xb7f3349e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 2 (Thread 0xb6e59b90 (LWP 12163)):
#0  0xb80d7430 in __kernel_vsyscall ()
#1  0xb7fe43f5 in sem_wait@@GLIBC_2.1 () from
/lib/tls/i686/cmov/libpthread.so.0
#2  0x081ac0d4 in finalizer_thread (unused=0x0) at gc.c:1000
#3  0x08162885 in start_wrapper (data=0x8fb8a48) at threads.c:636
#4  0x081b0496 in thread_start_routine (args=0x8fb022c) at wthreads.c:286
#5  0x081dd36f in GC_start_routine (arg=0x26f20) at pthread_support.c:1382
#6  0xb7fde4ff in start_thread () from /lib/tls/i686/cmov/libpthread.so.0
#7  0xb7f3349e in clone () from /lib/tls/i686/cmov/libc.so.6

Thread 1 (Thread 0xb7e1b6f0 (LWP 12160)):
#0  0xb80d7430 in __kernel_vsyscall ()
#1  0xb7fe50fb in read () from /lib/tls/i686/cmov/libpthread.so.0
#2  0x080d5206 in mono_handle_native_sigsegv (signal=11, ctx=0xb74dfd0c)
    at /usr/include/bits/unistd.h:45
#3  0x080ffd8b in mono_arch_handle_altstack_exception (sigctx=0xb74dfd0c, 
    fault_addr=0x8, stack_ovf=0) at exceptions-x86.c:871
#4  <signal handler called>
#5  0x0816c106 in encode_cattr_value (assembly=0xb6c00468, buffer=0xb6c1c670
"\001", 
    p=0xb6c1c672 "��H\003��h���h����1��l5��\0046��47��LC���4��",
retbuffer=0xbfef5088, 
    retp=0xbfef5084, buflen=0xbfef5080, type=0x822a748, arg=0x0, 
    argval=0x8 <Address 0x8 out of bounds>) at reflection.c:8605
#6  0x08178a5d in mono_reflection_get_custom_attrs_blob (assembly=0x43f90,
ctor=0x4efd8, 
    ctorArgs=0x30f30, properties=0x49fc0, propValues=0x49fb0, fields=0x49fa0, 
    fieldValues=0x49f90) at reflection.c:8928
#7  0xb7256377 in ?? ()
#8  0xb72557f9 in ?? ()
#9  0xb7255235 in ?? ()
#10 0xb725430d in ?? ()
#11 0xb72541fa in ?? ()
#12 0x08127635 in mono_runtime_exec_main (method=0x2be80, args=0x49fe0,
exc=0x0)
    at object.c:3449
#13 0x08127ddb in mono_runtime_run_main (method=0x8f9819c, argc=-1074834760, 
    argv=0xbfef54b8, exc=0x0) at object.c:3229
#14 0x080b61aa in mono_main (argc=2, argv=0xbfef54b4) at driver.c:972
#15 0x0805b481 in main (argc=) at main.c:34
#0  0xb80d7430 in __kernel_vsyscall ()

=================================================================
Got a SIGSEGV while executing native code. This usually indicates
a fatal error in the mono runtime or one of the native libraries 
used by your application.
=================================================================

Aborted

-- 
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
You are the assignee for the bug.

More information about the mono-bugs mailing list