[Mono-list] Mono.Unix.Native.Syscall.readlink memory corruption

Jonathan Pryor jonpryor at vt.edu
Tue Mar 14 17:00:02 EST 2006


On Tue, 2006-03-14 at 10:37 -0500, Gonzalo Paniagua Javier wrote:
> Here's a patch that fixes the corruption problem. May I commit?
> -       if (items_written > mono_stringbuilder_capacity (sb))
> +       if (items_written > mono_stringbuilder_capacity (sb)) {
>                 items_written = mono_stringbuilder_capacity (sb);
> +               need_nul = TRUE;
> +       }
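Review bot: the clamp on items_written repairs only the count that is copied back; if the callee produced a count above mono_stringbuilder_capacity (sb) because it wrote past the buffer, that write has already happened, so this hunk turns the overflow into a silent truncation rather than a reported error. Consider failing the call instead of clamping when items_written exceeds the capacity, and include in the hunk the declaration of need_nul and the code that consumes it, neither of which is visible here.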

I may be missing something, but I'm missing how this actually fixes the
corruption problem.

The intent is that a marshaled StringBuilder will contain a buffer that
unmanaged code should fill.  (Reality is that the runtime passes an
internally allocated buffer to the unmanaged code and copies this buffer
into the StringBuilder, but this doesn't change things significantly...)

So if unmanaged code overwrote the buffer:

-       if (items_written > mono_stringbuilder_capacity (sb))

isn't there a chance that the internal buffer was also overwritten?  If
this is the case, isn't there _no_ _way_ to avoid any memory corruption,
since by definition a buffer was overflowed, so you have no idea what
was overflowed?

(I suppose mono could allocate an extra memory block and set the
permissions to deny writing, triggering a hardware exception if it's
written to, but I don't believe this is actually done...)

Regardless, if the StringBuilder capacity is overwritten, wouldn't it
make more sense to generate an exception, such as an
ExecutionEngineException or something?

 - Jon
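Jon's point that a clamp repairs the count but not the memory, as an added example (my own, not code from the thread or from Mono): a hypothetical marshal helper keeps a canary region after the buffer it hands to the callee and fails the call instead of copying anything back when either the reported count or the canary shows an overrun. marshal_call, fill_fn and the guard layout are assumptions for the demonstration, not Mono's API.

```c
#include <stdlib.h>
#include <string.h>
/* Constructed stand-in for the runtime's marshaled buffer: `capacity` usable
 * bytes, a NUL slot, then GUARD canary bytes that are checked after the call. */
#define CANARY 0xA5
#define GUARD 16
typedef size_t (*fill_fn)(char *buf, size_t capacity);
static char *alloc_guarded(size_t capacity) {
    char *buf = malloc(capacity + 1 + GUARD);
    if (!buf) return NULL;
    memset(buf, 0, capacity + 1);
    memset(buf + capacity + 1, CANARY, GUARD);
    return buf;
}
static int guard_intact(const char *buf, size_t capacity) {
    for (size_t i = 0; i < GUARD; i++)
        if ((unsigned char)buf[capacity + 1 + i] != CANARY) return 0;
    return 1;
}
/* Hypothetical marshal helper: 0 and `out` filled on success, -1 if the callee
 * overran the buffer. Clamping items_written as the quoted patch does only
 * repairs the count; memory past the buffer is already gone, so fail instead. */
int marshal_call(fill_fn fn, size_t capacity, char *out, size_t out_len) {
    char *buf = alloc_guarded(capacity);
    if (!buf) return -1;
    size_t items_written = fn(buf, capacity);
    /* count above capacity, or guard dirtied even though the count looks fine */
    int bad = items_written > capacity || !guard_intact(buf, capacity)
              || items_written >= out_len;
    if (!bad) {
        memcpy(out, buf, items_written);
        out[items_written] = '\0';
    }
    free(buf);
    return bad ? -1 : 0;
}
/* Constructed callees. The overrunning ones stay inside the malloc'd block
 * (GUARD > 4), so the demonstration itself is well defined. */
size_t fill_ok(char *buf, size_t cap) {             /* well-behaved callee */
    size_t n = cap < 8 ? cap : 8;
    memcpy(buf, "/usr/lib", n);
    return n;
}
size_t fill_overrun(char *buf, size_t cap) {        /* honest but oversized count */
    memset(buf, 'x', cap + 4);
    return cap + 4;
}
size_t fill_silent_overrun(char *buf, size_t cap) { /* count looks fine, memory isn't */
    memset(buf, 'x', cap + 4);
    return cap;
}
```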