[Mono-bugs] [Bug 623581] Invalid pointer returned from mono_image_load_module
bugzilla_noreply at novell.com
Mon Jul 19 14:21:30 EDT 2010
http://bugzilla.novell.com/show_bug.cgi?id=623581
http://bugzilla.novell.com/show_bug.cgi?id=623581#c1
--- Comment #1 from Sebastien Pouliot <spouliot at novell.com> 2010-07-19 18:21:30 UTC ---
Breakpoint 1, mono_image_load_module (image=0x829c998, idx=0) at image.c:570
570 return image->modules [idx - 1];
(gdb) p idx
$4 = 0
and 'idx' is one-based.
I'm using this patch to resume fuzzing. Maybe it should be reported in a better
manner, but the 'too large idx' case already returns NULL.
Index: mono/metadata/image.c
===================================================================
--- mono/metadata/image.c (revision 160387)
+++ mono/metadata/image.c (working copy)
@@ -564,7 +564,7 @@
GList *list_iter, *valid_modules = NULL;
MonoImageOpenStatus status;
- if ((image->module_count == 0) || (idx > image->module_count))
+ if ((image->module_count == 0) || (idx > image->module_count) || (idx <=
0))
return NULL;
if (image->modules_loaded [idx - 1])
return image->modules [idx - 1];
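Review bot: The added '(idx <= 0)' test at the end of the guard returns the same NULL as the existing 'idx > image->module_count' case, so a caller cannot tell a malformed zero index from any other failure, and nothing in the hunk documents that 'idx' is one-based. Consider a one-line comment above the guard saying so, and put the lower-bound test first so the range check reads naturally as 'idx <= 0 || idx > image->module_count' ahead of the 'image->modules [idx - 1]' access. The '+' line is also wrapped by the mailer ('0))' sits on its own line), so it has to be re-joined before the patch will apply.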