[Mono-bugs] [Bug 573682] segfaults when encoding/decoding non-UTF8 strings

bugzilla_noreply at novell.com bugzilla_noreply at novell.com
Tue Feb 9 11:46:00 EST 2010


http://bugzilla.novell.com/show_bug.cgi?id=573682

http://bugzilla.novell.com/show_bug.cgi?id=573682#c13


--- Comment #13 from Ted Unangst <tedu at fogcreek.com> 2010-02-09 16:45:59 UTC ---
Sorry, no.  I'm still puzzling out exactly what HandleFallback is doing, but
here's some more info for you.

CP1250:ToBytes is initially called on a string of 44 characters:
init cc 44 bc 44 ci 0 bi 0

It loops a while, then calls HandleFallback (this is with your patch, so
charCount is one less than byteCount).
before cc 34 bc 35 ci 10 bi 10
(recursive calls to ToBytes occur).
after cc 34 bc 35 ci 10 bi 11

The thing I notice here is that HandleFallback has incremented the byte index,
while not touching the character counts.

This continues a while, with the byte index creeping up faster than charCount
or charIndex.
before cc 1 bc 2 ci 43 bi 52
after cc 1 bc 2 ci 43 bi 53
The byte index is now outside the range of the 44 byte allocated array, and we
don't have long to live:
before cc 0 bc 1 ci 44 bi 54
CRASH.

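The counter drift in the trace above, reduced to a small C model (an added example, not Mono's code and not part of the original comment). The code page test, the 2-byte fallback length and the sample input are assumptions, chosen so that a 44-character string drives the byte index to 54; the checked variant shows the capacity test that stops the overrun.

```c
#include <stddef.h>
#include <stdio.h>

#define NCHARS 44        /* input length from the trace */
#define FALLBACK_LEN 2   /* assumed bytes emitted per unencodable char */

/* Hypothetical single-byte code page: only ASCII maps directly. */
static int encodable(unsigned short ch) { return ch < 0x80; }

/* Constructed input: 44 chars, 10 of them (U+0416) outside the code page. */
static void make_sample(unsigned short *s) {
    for (size_t i = 0; i < NCHARS; i++)
        s[i] = (i < 40 && i % 4 == 2) ? 0x0416 : 'a';
}

/* Counter model of the unchecked loop: returns where the byte index ends up
   when the buffer was sized at one byte per char. It performs no writes. */
size_t unchecked_final_index(void) {
    unsigned short s[NCHARS];
    size_t bi = 0;
    make_sample(s);
    for (size_t ci = 0; ci < NCHARS; ci++)
        bi += encodable(s[ci]) ? 1 : FALLBACK_LEN;
    return bi;
}

/* Checked encoder: every write is preceded by a capacity test.
   Returns bytes written, or -1 if the output buffer is too small. */
long encode_checked(size_t cap) {
    static unsigned char out[64];
    unsigned short s[NCHARS];
    size_t bi = 0;
    if (cap > sizeof out) cap = sizeof out;
    make_sample(s);
    for (size_t ci = 0; ci < NCHARS; ci++) {
        size_t need = encodable(s[ci]) ? 1 : FALLBACK_LEN;
        if (need > cap - bi) return -1;   /* bi <= cap always holds here */
        for (size_t k = 0; k < need; k++)
            out[bi++] = encodable(s[ci]) ? (unsigned char)s[ci] : '?';
    }
    return (long)bi;
}

int main(void) {
    printf("unchecked byte index: %zu (buffer: %d)\n", unchecked_final_index(), NCHARS);
    printf("checked, cap 44: %ld\n", encode_checked(44));
    printf("checked, cap 54: %ld\n", encode_checked(54));
    return 0;
}
```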