[Mono-bugs] [Bug 558124] New: [verifier] SIGSEGV in inflate_generic_type on a bad assembly

Tue Nov 24 13:54:08 EST 2009

http://bugzilla.novell.com/show_bug.cgi?id=558124

http://bugzilla.novell.com/show_bug.cgi?id=558124#c0

           Summary: [verifier] SIGSEGV in inflate_generic_type on a bad
                    assembly
    Classification: Mono
           Product: Mono: Runtime
           Version: 2.6.x
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: misc
        AssignedTo: rkumpera at novell.com
        ReportedBy: spouliot at novell.com
         QAContact: mono-bugs at lists.ximian.com
          Found By: ---
           Blocker: ---

Created an attachment (id=329288)
 --> (http://bugzilla.novell.com/attachment.cgi?id=329288)
assembly to reproduce crash

The function inflate_generic_type use the image* parameter 3 times. However
it's being called by:

MonoType*
mono_class_inflate_generic_type_checked (MonoType *type, MonoGenericContext
*context, MonoError *error)
{
    return mono_class_inflate_generic_type_with_mempool (NULL, type, context,
error);
}

which calls inflate_generic_type if context is not NULL

    if (context)
        inflated = inflate_generic_type (image, type, context, error);

GCC inlining hides that a bit in the following stack trace.

gdb --args pedump --verify all System.72329.dll

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fc5b35cd710 (LWP 19985)]
0x000000000041b859 in inflate_generic_type (image=0x0, type=0x8837e8,
context=0x87f228, error=0x7fffbb5ee030) at class.c:532
532                mono_error_set_bad_image (error, image->module_name, "VAR %d
(%s) cannot be expanded in this context with %d instantiations",
(gdb) bt
#0  0x000000000041b859 in inflate_generic_type (image=0x0, type=0x8837e8,
context=0x87f228, error=0x7fffbb5ee030) at class.c:532
#1  0x000000000041ca09 in mono_class_inflate_generic_type_with_mempool
(image=0x0, type=0x8837e8, context=0x87f228, error=0x7fffbb5ee030) at
class.c:667
#2  0x0000000000495d22 in mono_method_verify (method=<value optimized out>,
level=<value optimized out>) at verify.c:4943
#3  0x000000000040daed in main (argc=8430352, argv=<value optimized out>) at
pedump.c:374
(gdb) up 2
#2  0x0000000000495d22 in mono_method_verify (method=<value optimized out>,
level=<value optimized out>) at verify.c:4943
4943            ctx.locals [i] = mono_class_inflate_generic_type_checked
(ctx.locals [i], ctx.generic_context, &error);
(gdb) p ctx
$1 = {max_args = 1, max_stack = 5, verifiable = 1, valid = 1, level = 135,
code_size = 88, code = 0x887750, eval = {stack = 0x0, size = 0, flags = 0},
params = 0x87af10, list = 0x0, funptrs = 0x0, 
  exception_types = 0x0, num_locals = 3, locals = 0x87a2b0, target = 0,
ip_offset = 0, signature = 0x883770, header = 0x883798, generic_context =
0x87f228, image = 0x85da80, method = 0x883740, 
  has_this_store = 0, super_ctor_called = 0, prefix_set = 0, has_flags = 0,
constrained_type = 0x0}
(gdb) p i
$2 = 0
(gdb) p ctx.locals[i]
$3 = (MonoType *) 0x8837e8
(gdb) p *ctx.locals[i]
$4 = {data = {klass = 0x8837d0, type = 0x8837d0, array = 0x8837d0, method =
0x8837d0, generic_param = 0x8837d0, generic_class = 0x8837d0}, attrs = 0, type
= MONO_TYPE_VAR, num_mods = 0, byref = 0, 
  pinned = 0, modifiers = 0x8837f4}

-- 
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.