[Mono-bugs] [Bug 630001] New: Mono doesn't validate sizes of heaps / streams

Tue Aug 10 11:23:41 EDT 2010

http://bugzilla.novell.com/show_bug.cgi?id=630001

http://bugzilla.novell.com/show_bug.cgi?id=630001#c0

           Summary: Mono doesn't validate sizes of heaps / streams
    Classification: Mono
           Product: Mono: Runtime
           Version: 2.6.x
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Minor
          Priority: P5 - None
         Component: misc
        AssignedTo: mono-bugs at lists.ximian.com
        ReportedBy: gim913 at gmail.com
         QAContact: mono-bugs at lists.ximian.com
          Found By: ---
           Blocker: ---

Created an attachment (id=381963)
 --> (http://bugzilla.novell.com/attachment.cgi?id=381963)
zip containing example executables

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.9.2.8)
Gecko/20100722 Firefox/3.6.8 ( .NET CLR 3.5.30729; .NET4.0E)

I'm not sure if this should be regarded as a bug, but mono doesn't
seem to validate sizes of heaps/streams.

I'm not sure if this is in specification, but it seems that microsoft
implementation doesn't allow two things:
 * streams cannot exceed metadata size, that is
stream.offset + stream.size < meta.size (and probably also stream.offset <
meta.size, although I'm not sure about that one)

 * streams cannot overlap:
   * end of a stream (stream.offset + stream.size) cannot fall into any other
stream,
   * given stream cannot contain other stream

I'm attaching two executables illustrating both problems. They run in mono, but
doesn't run in ms .net runtime.

Reproducible: Always

Steps to Reproduce:
1.
2.
3.

-- 
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
You are the assignee for the bug.