[Mono-bugs] [Bug 553428] [verifier] SIGSEGV in mono_metadata_signature_equal on a bad assembly
bugzilla_noreply at novell.com
bugzilla_noreply at novell.com
Mon Nov 23 21:05:52 EST 2009
http://bugzilla.novell.com/show_bug.cgi?id=553428
http://bugzilla.novell.com/show_bug.cgi?id=553428#c3
--- Comment #3 from Sebastien Pouliot <spouliot at novell.com> 2009-11-24 02:05:50 UTC ---
Good point. However this condition will not occur on "normal" code, but only
"broken" code (i.e. people hitting this are more likely trying to exploit it
than report it). Adding a few more options gives us:
a) do nothing (ship code as is) an let it crash (bad imo)
b) crash safely (g_assert)
c) report (current patch + g_warning) condition and return FALSE;
d) fix it properly (all callers)
Considering this code is part of Moonlight I think this disqualify (a) and, as
much as possible, (b). Now (d) is perfect if it can be available very soon (by
ship date). Otherwise I think we should commit (c) until (d) is ready - either
before or after the release.
* same thinking about the other [verifier] bugs
--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
More information about the mono-bugs
mailing list