[Mono-bugs] [Bug 553428] [verifier] SIGSEGV in mono_metadata_signature_equal on a bad assembly

bugzilla_noreply at novell.com bugzilla_noreply at novell.com
Mon Nov 23 21:05:52 EST 2009



--- Comment #3 from Sebastien Pouliot <spouliot at novell.com> 2009-11-24 02:05:50 UTC ---
Good point. However this condition will not occur on "normal" code, but only
"broken" code (i.e. people hitting this are more likely trying to exploit it
than report it). Adding a few more options gives us:

a) do nothing (ship code as is) and let it crash (bad imo)

b) crash safely (g_assert)

c) report (current patch + g_warning) condition and return FALSE;

d) fix it properly (all callers)

Considering this code is part of Moonlight I think this disqualifies (a) and, as
much as possible, (b). Now (d) is perfect if it can be available very soon (by
ship date). Otherwise I think we should commit (c) until (d) is ready - either
before or after the release.

* same thinking about the other [verifier] bugs
