* Copyright 2001-2003 Ximian, Inc (http://www.ximian.com)
* Copyright 2004-2009 Novell, Inc (http://www.novell.com)
*/
+#include <config.h>
#include <mono/metadata/object-internals.h>
#include <mono/metadata/verify.h>
#include <ctype.h>
+static MiniVerifierMode verifier_mode = MONO_VERIFIER_MODE_OFF;
+static gboolean verify_all = FALSE;
+
+/*
+ * Set the desired level of checks for the verfier.
+ *
+ */
+void
+mono_verifier_set_mode (MiniVerifierMode mode)
+{
+ verifier_mode = mode;
+}
+
+void
+mono_verifier_enable_verify_all ()
+{
+ verify_all = TRUE;
+}
+
+#ifndef DISABLE_VERIFIER
/*
* Pull the list of opcodes
*/
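Review bot: The moved definition `mono_verifier_enable_verify_all ()` at L21–L25 uses an empty parameter list, which in C declares a non-prototype function, so a call with stray arguments compiles silently. Since this commit is relocating the function anyway, change the definition to `mono_verifier_enable_verify_all (void)` and make sure the declaration in the header matches. The `#ifndef DISABLE_VERIFIER` opened at L27 is closed outside this hunk.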
(__ctx)->valid = 0; \
} \
} while (0)
+
+#define CHECK_ADD4_OVERFLOW_UN(a, b) ((guint32)(0xFFFFFFFFU) - (guint32)(b) < (guint32)(a))
+#define CHECK_ADD8_OVERFLOW_UN(a, b) ((guint64)(0xFFFFFFFFFFFFFFFFUL) - (guint64)(b) < (guint64)(a))
+
+#if SIZEOF_VOID_P == 4
+#define CHECK_ADDP_OVERFLOW_UN(a,b) CHECK_ADD4_OVERFLOW_UN(a, b)
+#else
+#define CHECK_ADDP_OVERFLOW_UN(a,b) CHECK_ADD8_OVERFLOW_UN(a, b)
+#endif
+
+#define ADDP_IS_GREATER_OR_OVF(a, b, c) (((a) + (b) > (c)) || CHECK_ADDP_OVERFLOW_UN (a, b))
+#define ADD_IS_GREATER_OR_OVF(a, b, c) (((a) + (b) > (c)) || CHECK_ADD4_OVERFLOW_UN (a, b))
+
/*Flags to be used with ILCodeDesc::flags */
enum {
/*Instruction has not been processed.*/
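Review bot: `ADDP_IS_GREATER_OR_OVF` and `ADD_IS_GREATER_OR_OVF` at L44–L45 evaluate `(a) + (b)` before the overflow test, so when `a` is a pointer (as at the `code_bounds_check` use with `ip`) a wrapping sum is computed as out-of-range pointer arithmetic before `CHECK_ADDP_OVERFLOW_UN` ever runs; the comparison happens to come out right in practice, but the addition itself is undefined behaviour. Swapping the operands keeps the short-circuit safe: `#define ADDP_IS_GREATER_OR_OVF(a, b, c) (CHECK_ADDP_OVERFLOW_UN (a, b) || ((a) + (b) > (c)))` and likewise `#define ADD_IS_GREATER_OR_OVF(a, b, c) (CHECK_ADD4_OVERFLOW_UN (a, b) || ((a) + (b) > (c)))`. Both macros also evaluate `a` and `b` twice, so a comment warning callers not to pass side-effecting expressions would be worthwhile.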
int i;
mono_class_setup_methods (klass);
+ if (klass->exception_type)
+ return FALSE;
for (i = 0; i < klass->method.count; ++i) {
method = klass->methods [i];
if (mono_method_is_constructor (method) &&
+ mono_method_signature (method) &&
mono_method_signature (method)->param_count == 0 &&
(method->flags & METHOD_ATTRIBUTE_MEMBER_ACCESS_MASK) == METHOD_ATTRIBUTE_PUBLIC)
return TRUE;
return FALSE;
}
-static gboolean
-mono_class_interface_implements_interface (MonoClass *candidate, MonoClass *iface)
-{
- int i;
- do {
- if (candidate == iface)
- return TRUE;
- mono_class_setup_interfaces (candidate);
- for (i = 0; i < candidate->interface_count; ++i) {
- if (candidate->interfaces [i] == iface || mono_class_interface_implements_interface (candidate->interfaces [i], iface))
- return TRUE;
- }
- candidate = candidate->parent;
- } while (candidate);
- return FALSE;
-}
-
/*
* Verify if @type is valid for the given @ctx verification context.
* this function checks for VAR and MVAR types that are invalid under the current verifier,
static MonoType*
verifier_inflate_type (VerifyContext *ctx, MonoType *type, MonoGenericContext *context)
{
- if (!mono_type_is_valid_type_in_context (type, context))
- return NULL;
- return mono_class_inflate_generic_type (type, context);
-}
-/*
- * Test if @candidate is a subtype of @target using the minimal possible information
- * TODO move the code for non finished TypeBuilders to here.
- */
-static gboolean
-mono_class_is_constraint_compatible (MonoClass *candidate, MonoClass *target)
-{
- if (candidate == target)
- return TRUE;
- if (target == mono_defaults.object_class)
- return TRUE;
-
- //setup_supertypes don't mono_class_init anything
- mono_class_setup_supertypes (candidate);
- mono_class_setup_supertypes (target);
-
- if (mono_class_has_parent (candidate, target))
- return TRUE;
-
- //if target is not a supertype it must be an interface
- if (!MONO_CLASS_IS_INTERFACE (target))
- return FALSE;
+ MonoError error;
+ MonoType *result;
- if (candidate->image->dynamic && !candidate->wastypebuilder) {
- MonoReflectionTypeBuilder *tb = candidate->reflection_info;
- int j;
- if (tb->interfaces) {
- for (j = mono_array_length (tb->interfaces) - 1; j >= 0; --j) {
- MonoReflectionType *iface = mono_array_get (tb->interfaces, MonoReflectionType*, j);
- MonoClass *ifaceClass = mono_class_from_mono_type (iface->type);
- if (mono_class_is_constraint_compatible (ifaceClass, target)) {
- return TRUE;
- }
- }
- }
- return FALSE;
+ result = mono_class_inflate_generic_type_checked (type, context, &error);
+ if (!mono_error_ok (&error)) {
+ mono_error_cleanup (&error);
+ return NULL;
}
- return mono_class_interface_implements_interface (candidate, target);
+ return result;
}
+
static gboolean
is_valid_generic_instantiation (MonoGenericContainer *gc, MonoGenericContext *context, MonoGenericInst *ginst)
{
+ MonoError error;
int i;
if (ginst->type_argc != gc->type_argc)
MonoClass *ctr = *constraints;
MonoType *inflated;
- inflated = mono_class_inflate_generic_type (&ctr->byval_arg, context);
+ inflated = mono_class_inflate_generic_type_checked (&ctr->byval_arg, context, &error);
+ if (!mono_error_ok (&error)) {
+ mono_error_cleanup (&error);
+ return FALSE;
+ }
ctr = mono_class_from_mono_type (inflated);
mono_metadata_free_type (inflated);
- if (!mono_class_is_constraint_compatible (paramClass, ctr))
+ if (!mono_class_is_assignable_from_slow (ctr, paramClass))
return FALSE;
}
}
{
MonoClass *klass;
+ if (type == NULL) {
+ ADD_VERIFY_ERROR2 (ctx, g_strdup_printf ("Invalid null type at 0x%04x", ctx->ip_offset), MONO_EXCEPTION_BAD_IMAGE);
+ return FALSE;
+ }
+
if (!is_valid_type_in_context (ctx, type)) {
char *str = mono_type_full_name (type);
ADD_VERIFY_ERROR2 (ctx, g_strdup_printf ("Invalid generic type (%s%s) (argument out of range or %s is not generic) at 0x%04x",
return FALSE;
}
- if (klass->exception_type != MONO_EXCEPTION_NONE || (klass->generic_class && klass->generic_class->container_class->exception_type != MONO_EXCEPTION_NONE)) {
+ if (klass->generic_class && klass->generic_class->container_class->exception_type != MONO_EXCEPTION_NONE) {
ADD_VERIFY_ERROR2 (ctx, g_strdup_printf ("Could not load type %s.%s at 0x%04x", klass->name_space, klass->name, ctx->ip_offset), MONO_EXCEPTION_TYPE_LOAD);
return FALSE;
}
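Review bot: The rewritten condition at L170 no longer rejects a klass whose own `exception_type` is set, only one whose generic container failed to load, and nothing in the hunk says why that is now acceptable. If the intent is that callers check the class itself (the sibling code at L52–L53 in this commit does exactly that), a comment would keep the check from being re-added later: `/* A load failure on klass itself is left to callers; only a broken generic definition is fatal here. */`. If it is not intended, the dropped `klass->exception_type != MONO_EXCEPTION_NONE ||` clause needs to come back. The enclosing function starts before this hunk.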
static MonoClassField*
-verifier_load_field (VerifyContext *ctx, int token, MonoClass **klass, const char *opcode) {
+verifier_load_field (VerifyContext *ctx, int token, MonoClass **out_klass, const char *opcode) {
MonoClassField *field;
-
+ MonoClass *klass = NULL;
+
if (!IS_FIELD_DEF_OR_REF (token) || !token_bounds_check (ctx->image, token)) {
- ADD_VERIFY_ERROR2 (ctx, g_strdup_printf ("Invalid field token 0x%x08x for %s at 0x%04x", token, opcode, ctx->ip_offset), MONO_EXCEPTION_BAD_IMAGE);
+ ADD_VERIFY_ERROR2 (ctx, g_strdup_printf ("Invalid field token 0x%08x for %s at 0x%04x", token, opcode, ctx->ip_offset), MONO_EXCEPTION_BAD_IMAGE);
return NULL;
}
- field = mono_field_from_token (ctx->image, token, klass, ctx->generic_context);
- if (!field || !field->parent) {
+ field = mono_field_from_token (ctx->image, token, &klass, ctx->generic_context);
+ if (!field || !field->parent || !klass) {
ADD_VERIFY_ERROR2 (ctx, g_strdup_printf ("Cannot load field from token 0x%08x for %s at 0x%04x", token, opcode, ctx->ip_offset), MONO_EXCEPTION_BAD_IMAGE);
return NULL;
}
- if (!mono_type_is_valid_in_context (ctx, &field->parent->byval_arg))
+ if (!mono_type_is_valid_in_context (ctx, &klass->byval_arg))
return NULL;
+ *out_klass = klass;
return field;
}
found = *cname == 0;
for (i = 0; i < G_N_ELEMENTS (valid_cultures); ++i) {
- if (g_strcasecmp (valid_cultures [i], cname)) {
+ if (g_ascii_strcasecmp (valid_cultures [i], cname)) {
found = 1;
break;
}
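Review bot: The comparison at L202 is inverted: `g_ascii_strcasecmp` returns 0 on a match, so `found = 1` is set on the first table entry that does *not* match and any non-empty culture name is accepted. The commit only swaps the locale-dependent `g_strcasecmp` for the ASCII variant and carries the pre-existing bug along; the fix is `if (!g_ascii_strcasecmp (valid_cultures [i], cname)) {`. As written this validation never rejects anything, which defeats the purpose of the `valid_cultures` table. The enclosing function starts before this hunk.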
static ILStackDesc *
stack_push (VerifyContext *ctx)
{
+ g_assert (ctx->eval.size < ctx->max_stack);
return & ctx->eval.stack [ctx->eval.size++];
}
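Review bot: `stack_push` now aborts the process through `g_assert` when `eval.size` reaches `max_stack`, so any opcode handler that reaches it without a preceding `check_overflow` turns crafted IL into a crash instead of a verification failure; L386–L387 in this same commit adds exactly such a missing `check_overflow`, which suggests other handlers may still lack one. The assert is a fine invariant, but the contract should be stated next to it: `/* Callers must have passed check_overflow (); reaching this assert on untrusted IL is a verifier bug, not a verify error. */`. The same applies to the underflow asserts added to `stack_pop` and `stack_pop_safe` below.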
static ILStackDesc *
stack_pop (VerifyContext *ctx)
{
- ILStackDesc *ret = ctx->eval.stack + --ctx->eval.size;
+ ILStackDesc *ret;
+ g_assert (ctx->eval.size > 0);
+ ret = ctx->eval.stack + --ctx->eval.size;
if ((ret->stype & UNINIT_THIS_MASK) == UNINIT_THIS_MASK)
CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Found use of uninitialized 'this ptr' ref at 0x%04x", ctx->ip_offset));
return ret;
static ILStackDesc *
stack_pop_safe (VerifyContext *ctx)
{
+ g_assert (ctx->eval.size > 0);
return ctx->eval.stack + --ctx->eval.size;
}
get_boxable_mono_type (VerifyContext* ctx, int token, const char *opcode)
{
MonoType *type;
-
+ MonoClass *class;
if (!(type = verifier_load_type (ctx, token, opcode)))
return NULL;
if (type->type == MONO_TYPE_TYPEDBYREF)
CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid use of typedbyref for %s at 0x%04x", opcode, ctx->ip_offset));
+ if (!(class = mono_class_from_mono_type (type)))
+ ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Could not retrieve type token for %s at 0x%04x", opcode, ctx->ip_offset));
+
+ if (class->generic_container && type->type != MONO_TYPE_GENERICINST)
+ CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot use the generic type definition in a boxable type position for %s at 0x%04x", opcode, ctx->ip_offset));
+
check_unverifiable_type (ctx, type);
return type;
}
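Review bot: `get_boxable_mono_type` reports an error when `mono_class_from_mono_type` returns NULL at L237–L238 but then dereferences `class->generic_container` on the very next statement, because the error macros only clear `ctx->valid` (see the macro tail at L31–L33) and do not return. Either the NULL case cannot happen and the check should go, or the branch needs to bail out: `if (!(class = mono_class_from_mono_type (type))) { ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Could not retrieve type token for %s at 0x%04x", opcode, ctx->ip_offset)); return NULL; }`. The function's signature line is before this hunk.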
printf ("complex] (inst of %s )", value->type->data.generic_class->container_class->name);
return;
case MONO_TYPE_VAR:
- printf ("complex] (type generic param !%d - %s) ", value->type->data.generic_param->num, value->type->data.generic_param->name);
+ printf ("complex] (type generic param !%d - %s) ", value->type->data.generic_param->num, mono_generic_param_info (value->type->data.generic_param)->name);
return;
case MONO_TYPE_MVAR:
- printf ("complex] (method generic param !!%d - %s) ", value->type->data.generic_param->num, value->type->data.generic_param->name);
+ printf ("complex] (method generic param !!%d - %s) ", value->type->data.generic_param->num, mono_generic_param_info (value->type->data.generic_param)->name);
return;
default: {
//should be a boxed value
}
default:
- VERIFIER_DEBUG ( printf ("unknown type %02x in eval stack type\n", type->type); );
- g_assert_not_reached ();
- return 0;
+ return TYPE_INV;
}
}
static void
init_stack_with_value_at_exception_boundary (VerifyContext *ctx, ILCodeDesc *code, MonoClass *klass)
{
- MonoType *type = mono_class_inflate_generic_type (&klass->byval_arg, ctx->generic_context);
+ MonoError error;
+ MonoType *type = mono_class_inflate_generic_type_checked (&klass->byval_arg, ctx->generic_context, &error);
+
+ if (!mono_error_ok (&error)) {
+ char *name = mono_type_get_full_name (klass);
+ ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Invalid class %s used for exception", name));
+ g_free (name);
+ mono_error_cleanup (&error);
+ return;
+ }
+
+ if (!ctx->max_stack) {
+ ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Stack overflow at 0x%04x", ctx->ip_offset));
+ return;
+ }
+
stack_init (ctx, code);
set_stack_value (ctx, code->stack, type, FALSE);
ctx->exception_types = g_slist_prepend (ctx->exception_types, type);
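Review bot: The `!ctx->max_stack` early return at L281–L284 leaks `type`: it is the inflated copy returned by `mono_class_inflate_generic_type_checked`, and on the normal path it is handed to `ctx->exception_types` so that cleanup (L708) frees it, but on this path nothing releases it — assuming the checked inflation returns a fresh type the way the cleanup code expects. Moving the `max_stack` check above the inflation avoids the allocation entirely; otherwise add `mono_metadata_free_type (type);` before that `return;`. The same hunk's error path at L273–L279 is fine since inflation failed and there is nothing to free.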
case MONO_TYPE_TYPEDBYREF:
return candidate->type == MONO_TYPE_TYPEDBYREF;
- case MONO_TYPE_VALUETYPE:
- if (candidate->type == MONO_TYPE_VALUETYPE && target->data.klass == candidate->data.klass)
+ case MONO_TYPE_VALUETYPE: {
+ MonoClass *target_klass = mono_class_from_mono_type (target);
+ MonoClass *candidate_klass = mono_class_from_mono_type (candidate);
+
+ if (target_klass == candidate_klass)
return TRUE;
if (mono_type_is_enum_type (target)) {
target = mono_type_get_underlying_type_any (target);
goto handle_enum;
}
return FALSE;
+ }
case MONO_TYPE_VAR:
if (candidate->type != MONO_TYPE_VAR)
case MONO_TYPE_VALUETYPE:
/*FIXME handle nullables and enum*/
- return candidate->type == MONO_TYPE_VALUETYPE && target->data.klass == candidate->data.klass;
+ return mono_class_from_mono_type (candidate) == mono_class_from_mono_type (target);
case MONO_TYPE_VAR:
return candidate->type == MONO_TYPE_VAR && mono_type_get_generic_param_num (target) == mono_type_get_generic_param_num (candidate);
invoke = mono_get_delegate_invoke (delegate);
method = funptr->method;
+ if (!method || !mono_method_signature (method)) {
+ char *name = mono_type_get_full_name (delegate);
+ ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Invalid method on stack to create delegate %s construction at 0x%04x", name, ctx->ip_offset));
+ g_free (name);
+ return;
+ }
+
+ if (!invoke || !mono_method_signature (invoke)) {
+ char *name = mono_type_get_full_name (delegate);
+ ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Delegate type %s with bad Invoke method at 0x%04x", name, ctx->ip_offset));
+ g_free (name);
+ return;
+ }
+
is_static_ldftn = (ip_offset > 5 && IS_LOAD_FUN_PTR (CEE_LDFTN)) && method->flags & METHOD_ATTRIBUTE_STATIC;
if (is_static_ldftn)
if (!mono_delegate_signature_equal (mono_method_signature (invoke), mono_method_signature (method), is_first_arg_bound)) {
char *fun_sig = mono_signature_get_desc (mono_method_signature (method), FALSE);
char *invoke_sig = mono_signature_get_desc (mono_method_signature (invoke), FALSE);
- CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Function pointer signature '%s' doesn't match delegate's signatuere '%s' at 0x%04x", fun_sig, invoke_sig, ctx->ip_offset));
+ CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Function pointer signature '%s' doesn't match delegate's signature '%s' at 0x%04x", fun_sig, invoke_sig, ctx->ip_offset));
g_free (fun_sig);
g_free (invoke_sig);
}
//general tests
if (is_first_arg_bound) {
- if (!verify_stack_type_compatibility_full (ctx, mono_method_signature (method)->params [0], value, FALSE, TRUE))
+ if (mono_method_signature (method)->param_count == 0 || !verify_stack_type_compatibility_full (ctx, mono_method_signature (method)->params [0], value, FALSE, TRUE))
CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("This object not compatible with function pointer for delegate creation at 0x%04x", ctx->ip_offset));
} else {
- if (!verify_stack_type_compatibility_full (ctx, &method->klass->byval_arg, value, FALSE, TRUE) && !stack_slot_is_null_literal (value))
- CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("This object not compatible with function pointer for delegate creation at 0x%04x", ctx->ip_offset));
+ if (method->flags & METHOD_ATTRIBUTE_STATIC) {
+ if (!stack_slot_is_null_literal (value) && !is_first_arg_bound)
+ CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Non-null this args used with static function for delegate creation at 0x%04x", ctx->ip_offset));
+ } else {
+ if (!verify_stack_type_compatibility_full (ctx, &method->klass->byval_arg, value, FALSE, TRUE) && !stack_slot_is_null_literal (value))
+ CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("This object not compatible with function pointer for delegate creation at 0x%04x", ctx->ip_offset));
+ }
}
if (stack_slot_get_type (value) != TYPE_COMPLEX)
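Review bot: In the static-target branch at L348 the `&& !is_first_arg_bound` is always true, because this whole `else` is the complement of `if (is_first_arg_bound)` at L340; the extra term reads as if a second case existed. Simplify to `if (!stack_slot_is_null_literal (value))` and keep the error message. A one-line comment on the split would help readers: `/* static target: this must be null; instance target: this must be compatible with the declaring class */`. The enclosing function starts before this hunk.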
if (!(sig = mono_method_get_signature_full (method, ctx->image, method_token, ctx->generic_context)))
sig = mono_method_get_signature (method, ctx->image, method_token);
+ if (!sig) {
+ char *name = mono_type_get_full_name (method->klass);
+ ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Could not resolve signature of %s:%s at 0x%04x", name, method->name, ctx->ip_offset));
+ g_free (name);
+ return;
+ }
+
param_count = sig->param_count + sig->hasthis;
if (!check_underflow (ctx, param_count))
return;
if (!verify_stack_type_compatibility (ctx, sig->params[i], value)) {
char *stack_name = stack_slot_full_name (value);
char *sig_name = mono_type_full_name (sig->params [i]);
- CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Incompatible parameter value with function signature: %s X %s at 0x%04x", sig_name, stack_name, ctx->ip_offset));
+ CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Incompatible parameter with function signature: Calling method with signature (%s) but for argument %d there is a (%s) on stack at 0x%04x", sig_name, i, stack_name, ctx->ip_offset));
g_free (stack_name);
g_free (sig_name);
}
if (!verify_stack_type_compatibility (ctx, type, ©))
CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Incompatible this argument on stack with method signature at 0x%04x", ctx->ip_offset));
- if (!IS_SKIP_VISIBILITY (ctx) && !mono_method_can_access_method_full (ctx->method, method, value->type->data.klass)) {
+ if (!IS_SKIP_VISIBILITY (ctx) && !mono_method_can_access_method_full (ctx->method, method, mono_class_from_mono_type (value->type))) {
char *name = mono_method_full_name (method, TRUE);
CODE_NOT_VERIFIABLE2 (ctx, g_strdup_printf ("Method %s is not accessible at 0x%04x", name, ctx->ip_offset), MONO_EXCEPTION_METHOD_ACCESS);
g_free (name);
{
MonoClassField *field;
MonoClass *klass;
+ if (!check_overflow (ctx))
+ return;
if (!take_addr)
CLEAR_PREFIX (ctx, PREFIX_VOLATILE);
else if (IS_STRICT_MODE (ctx) && !mono_metadata_type_equal (type, stack))
CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Type token of initobj not compatible with value on stack at 0x%04x", ctx->ip_offset));
} else if (!verify_type_compatibility (ctx, stack, type)) {
- CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Type token of initobj not compatible with value on stack at 0x%04x", ctx->ip_offset));
+ char *expected_name = mono_type_full_name (type);
+ char *stack_name = mono_type_full_name (stack);
+
+ CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Initobj %s not compatible with value on stack %s at 0x%04x", expected_name, stack_name, ctx->ip_offset));
+ g_free (expected_name);
+ g_free (stack_name);
}
}
if (method->klass->flags & (TYPE_ATTRIBUTE_ABSTRACT | TYPE_ATTRIBUTE_INTERFACE))
CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Trying to instantiate an abstract or interface type at 0x%04x", ctx->ip_offset));
- if (!mono_method_can_access_method_full (ctx->method, method, NULL))
- CODE_NOT_VERIFIABLE2 (ctx, g_strdup_printf ("Constructor not visible at 0x%04x", ctx->ip_offset), MONO_EXCEPTION_METHOD_ACCESS);
+ if (!mono_method_can_access_method_full (ctx->method, method, NULL)) {
+ char *from = mono_method_full_name (ctx->method, TRUE);
+ char *to = mono_method_full_name (method, TRUE);
+ CODE_NOT_VERIFIABLE2 (ctx, g_strdup_printf ("Constructor %s not visible from %s at 0x%04x", to, from, ctx->ip_offset), MONO_EXCEPTION_METHOD_ACCESS);
+ g_free (from);
+ g_free (to);
+ }
//FIXME use mono_method_get_signature_full
sig = mono_method_signature (method);
+ if (!sig) {
+ ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Invalid constructor signature to newobj at 0x%04x", ctx->ip_offset));
+ return;
+ }
+
if (!check_underflow (ctx, sig->param_count))
return;
if (stack_slot_is_managed_pointer (value))
CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Invalid value for %s at 0x%04x", opcode, ctx->ip_offset));
- else if (mono_class_from_mono_type (value->type)->valuetype && !is_boxed)
- CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Value cannot be a valuetype for %s at 0x%04x", opcode, ctx->ip_offset));
+ else if (!MONO_TYPE_IS_REFERENCE (value->type) && !is_boxed) {
+ char *name = stack_slot_full_name (value);
+ CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Expected a reference type on stack for %s but found %s at 0x%04x", opcode, name, ctx->ip_offset));
+ g_free (name);
+ }
switch (value->type->type) {
case MONO_TYPE_FNPTR:
if (!check_underflow (ctx, 2))
return;
- if (opcode == CEE_LDELEM_ANY) {
+ if (opcode == CEE_LDELEM) {
if (!(type = verifier_load_type (ctx, token, "ldelem.any"))) {
ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Type (0x%08x) not found at 0x%04x", token, ctx->ip_offset));
return;
if (!check_underflow (ctx, 3))
return;
- if (opcode == CEE_STELEM_ANY) {
+ if (opcode == CEE_STELEM) {
if (!(type = verifier_load_type (ctx, token, "stelem.any"))) {
ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Type (0x%08x) not found at 0x%04x", token, ctx->ip_offset));
return;
static void
do_ldstr (VerifyContext *ctx, guint32 token)
{
+ GSList *error = NULL;
if (mono_metadata_token_code (token) != MONO_TOKEN_STRING) {
ADD_VERIFY_ERROR2 (ctx, g_strdup_printf ("Invalid string token %x at 0x%04x", token, ctx->ip_offset), MONO_EXCEPTION_BAD_IMAGE);
return;
}
- if (!ctx->image->dynamic && mono_metadata_token_index (token) >= ctx->image->heap_us.size) {
+ if (!ctx->image->dynamic && !mono_verifier_verify_string_signature (ctx->image, mono_metadata_token_index (token), &error)) {
+ if (error)
+ ctx->list = g_slist_concat (ctx->list, error);
ADD_VERIFY_ERROR2 (ctx, g_strdup_printf ("Invalid string index %x at 0x%04x", token, ctx->ip_offset), MONO_EXCEPTION_BAD_IMAGE);
return;
}
static void
merge_stacks (VerifyContext *ctx, ILCodeDesc *from, ILCodeDesc *to, gboolean start, gboolean external)
{
+ MonoError error;
int i, j, k;
stack_init (ctx, to);
}
}
- mono_class_setup_interfaces (old_class);
+ mono_class_setup_interfaces (old_class, &error);
+ if (!mono_error_ok (&error)) {
+ CODE_NOT_VERIFIABLE (ctx, g_strdup_printf ("Cannot merge stacks due to a TypeLoadException %s at 0x%04x", mono_error_get_message (&error), ctx->ip_offset));
+ mono_error_cleanup (&error);
+ goto end_verify;
+ }
for (j = 0; j < old_class->interface_count; ++j) {
for (k = 0; k < new_class->interface_count; ++k) {
if (mono_metadata_type_equal (&old_class->interfaces [j]->byval_arg, &new_class->interfaces [k]->byval_arg)) {
verify_clause_relationship (VerifyContext *ctx, MonoExceptionClause *clause, MonoExceptionClause *to_test)
{
/*clause is nested*/
- if (is_clause_nested (to_test, clause)) {
- if (to_test->flags == MONO_EXCEPTION_CLAUSE_FILTER) {
- ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Exception clause inside filter"));
- }
+ if (to_test->flags == MONO_EXCEPTION_CLAUSE_FILTER && is_clause_inside_range (clause, to_test->data.filter_offset, to_test->handler_offset)) {
+ ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Exception clause inside filter"));
return;
}
}
/*not completelly disjoint*/
- if (is_clause_in_range (to_test, clause->try_offset, clause->try_offset + clause->try_len) ||
- is_clause_in_range (to_test, HANDLER_START (clause), clause->handler_offset + clause->handler_len))
+ if ((is_clause_in_range (to_test, clause->try_offset, clause->try_offset + clause->try_len) ||
+ is_clause_in_range (to_test, HANDLER_START (clause), clause->handler_offset + clause->handler_len)) && !is_clause_nested (to_test, clause))
ADD_VERIFY_ERROR (ctx, g_strdup_printf ("Exception clauses overlap"));
}
#define code_bounds_check(size) \
- if (ip + size > end) {\
+ if (ADDP_IS_GREATER_OR_OVF (ip, size, end)) {\
ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("Code overrun starting with 0x%x at 0x%04x", *ip, ctx.ip_offset)); \
break; \
} \
GSList*
mono_method_verify (MonoMethod *method, int level)
{
+ MonoError error;
const unsigned char *ip;
const unsigned char *end;
int i, n, need_merge = 0, start = 0;
ctx.generic_context = generic_context = &method->klass->generic_container->context;
}
- for (i = 0; i < ctx.num_locals; ++i)
- ctx.locals [i] = mono_class_inflate_generic_type (ctx.locals [i], ctx.generic_context);
- for (i = 0; i < ctx.max_args; ++i)
- ctx.params [i] = mono_class_inflate_generic_type (ctx.params [i], ctx.generic_context);
+ for (i = 0; i < ctx.num_locals; ++i) {
+ MonoType *uninflated = ctx.locals [i];
+ ctx.locals [i] = mono_class_inflate_generic_type_checked (ctx.locals [i], ctx.generic_context, &error);
+ if (!mono_error_ok (&error)) {
+ char *name = mono_type_full_name (ctx.locals [i] ? ctx.locals [i] : uninflated);
+ ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("Invalid local %d of type %s", i, name));
+ g_free (name);
+ mono_error_cleanup (&error);
+ /* we must not free (in cleanup) what was not yet allocated (but only copied) */
+ ctx.num_locals = i;
+ ctx.max_args = 0;
+ goto cleanup;
+ }
+ }
+ for (i = 0; i < ctx.max_args; ++i) {
+ MonoType *uninflated = ctx.params [i];
+ ctx.params [i] = mono_class_inflate_generic_type_checked (ctx.params [i], ctx.generic_context, &error);
+ if (!mono_error_ok (&error)) {
+ char *name = mono_type_full_name (ctx.params [i] ? ctx.params [i] : uninflated);
+ ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("Invalid parameter %d of type %s", i, name));
+ g_free (name);
+ mono_error_cleanup (&error);
+ /* we must not free (in cleanup) what was not yet allocated (but only copied) */
+ ctx.max_args = i;
+ goto cleanup;
+ }
+ }
stack_init (&ctx, &ctx.eval);
for (i = 0; i < ctx.num_locals; ++i) {
- if (!mono_type_is_valid_in_context (&ctx, ctx.locals [i])) {
- /*TODO use the last error message to provide better feedback. */
- ADD_VERIFY_ERROR2 (&ctx, g_strdup_printf ("Invalid local variable %d", i), MONO_EXCEPTION_BAD_IMAGE);
+ if (!mono_type_is_valid_in_context (&ctx, ctx.locals [i]))
+ break;
+ if (get_stack_type (ctx.locals [i]) == TYPE_INV) {
+ char *name = mono_type_full_name (ctx.locals [i]);
+ ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("Invalid local %i of type %s", i, name));
+ g_free (name);
break;
}
+
}
for (i = 0; i < ctx.max_args; ++i) {
- if (!mono_type_is_valid_in_context (&ctx, ctx.params [i])) {
- /*TODO use the last error message to provide better feedback. */
- ADD_VERIFY_ERROR2 (&ctx, g_strdup_printf ("Invalid parameter %d", i), MONO_EXCEPTION_BAD_IMAGE);
+ if (!mono_type_is_valid_in_context (&ctx, ctx.params [i]))
+ break;
+
+ if (get_stack_type (ctx.params [i]) == TYPE_INV) {
+ char *name = mono_type_full_name (ctx.params [i]);
+ ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("Invalid parameter %i of type %s", i, name));
+ g_free (name);
break;
}
}
MonoExceptionClause *clause = ctx.header->clauses + i;
VERIFIER_DEBUG (printf ("clause try %x len %x filter at %x handler at %x len %x\n", clause->try_offset, clause->try_len, clause->data.filter_offset, clause->handler_offset, clause->handler_len); );
- if (clause->try_offset > ctx.code_size || clause->try_offset + clause->try_len > ctx.code_size)
+ if (clause->try_offset > ctx.code_size || ADD_IS_GREATER_OR_OVF (clause->try_offset, clause->try_len, ctx.code_size))
ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("try clause out of bounds at 0x%04x", clause->try_offset));
if (clause->try_len <= 0)
ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("try clause len <= 0 at 0x%04x", clause->try_offset));
- if (clause->handler_offset > ctx.code_size || clause->handler_offset + clause->handler_len > ctx.code_size)
+ if (clause->handler_offset > ctx.code_size || ADD_IS_GREATER_OR_OVF (clause->handler_offset, clause->handler_len, ctx.code_size))
ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("handler clause out of bounds at 0x%04x", clause->try_offset));
if (clause->handler_len <= 0)
- ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("try clause len <= 0 at 0x%04x", clause->try_offset));
+ ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("handler clause len <= 0 at 0x%04x", clause->try_offset));
- if (clause->try_offset < clause->handler_offset && clause->try_offset + clause->try_len > HANDLER_START (clause))
+ if (clause->try_offset < clause->handler_offset && ADD_IS_GREATER_OR_OVF (clause->try_offset, clause->try_len, HANDLER_START (clause)))
ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("try block (at 0x%04x) includes handler block (at 0x%04x)", clause->try_offset, clause->handler_offset));
+ if (clause->flags == MONO_EXCEPTION_CLAUSE_FILTER && clause->data.filter_offset > ctx.code_size)
+ ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("filter clause out of bounds at 0x%04x", clause->try_offset));
+
for (n = i + 1; n < ctx.header->num_clauses && ctx.valid; ++n)
verify_clause_relationship (&ctx, clause, ctx.header->clauses + n);
ctx.code [clause->handler_offset + clause->handler_len].flags |= IL_CODE_FLAG_WAS_TARGET;
if (clause->flags == MONO_EXCEPTION_CLAUSE_NONE) {
+ if (!clause->data.catch_class) {
+ ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("Catch clause %d with invalid type", i));
+ break;
+ }
+
init_stack_with_value_at_exception_boundary (&ctx, ctx.code + clause->handler_offset, clause->data.catch_class);
}
else if (clause->flags == MONO_EXCEPTION_CLAUSE_FILTER) {
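Review bot: The new filter check at L590–L591 only bounds `filter_offset` against `code_size`; it does not require the filter block to precede the handler, which `verify_clause_relationship` in this commit (L487) assumes when it treats `[filter_offset, handler_offset)` as the filter range. With `filter_offset > handler_offset` that range is inverted and the nesting test becomes meaningless. Suggested: `if (clause->flags == MONO_EXCEPTION_CLAUSE_FILTER && (clause->data.filter_offset > ctx.code_size || clause->data.filter_offset >= clause->handler_offset))` — whether `>=` or `>` is right depends on whether an empty filter block is rejected elsewhere, which this hunk does not show. `mono_method_verify` continues past this hunk.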
start = 1;
}
- if (clause->try_offset == ip_offset && ctx.eval.size > 0) {
+ if (clause->try_offset == ip_offset && ctx.eval.size > 0 && start == 0) {
ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("Try to enter try block with a non-empty stack at 0x%04x", ip_offset));
start = 1;
}
ip += 2;
break;
- /* FIXME: warn/error instead? */
case CEE_UNUSED99:
+ ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("Use of the `unused' opcode"));
++ip;
break;
need_merge = 1;
break;
- case CEE_SWITCH:
+ case CEE_SWITCH: {
+ guint32 entries;
code_bounds_check (5);
- n = read32 (ip + 1);
- code_bounds_check (5 + sizeof (guint32) * n);
+ entries = read32 (ip + 1);
+
+ if (entries > 0xFFFFFFFFU / sizeof (guint32))
+ ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("Too many switch entries %x at 0x%04x", entries, ctx.ip_offset));
+
+ ip += 5;
+ code_bounds_check (sizeof (guint32) * entries);
- do_switch (&ctx, n, (ip + 5));
+ do_switch (&ctx, entries, ip);
start = 1;
- ip += 5 + sizeof (guint32) * n;
+ ip += sizeof (guint32) * entries;
break;
-
+ }
case CEE_LDIND_I1:
case CEE_LDIND_U1:
case CEE_LDIND_I2:
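Review bot: The `Too many switch entries` error at L629–L630 does not stop the handler: execution continues to `code_bounds_check (sizeof (guint32) * entries)`, and on a target with a 32-bit `size_t` that product wraps for precisely the values the check rejects, so the bounds check can pass and `do_switch` presumably reads `entries` targets past the end of the method body. On 64-bit hosts the product does not wrap and `code_bounds_check` catches it, so the hole is target-specific. Make the error terminal the way `code_bounds_check` is: `if (entries > 0xFFFFFFFFU / sizeof (guint32)) { ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("Too many switch entries %x at 0x%04x", entries, ctx.ip_offset)); break; }`.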
case CEE_UNUSED58:
case CEE_UNUSED1:
- ++ip; /* warn, error ? */
+ ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("Use of the `unused' opcode"));
+ ++ip;
break;
case CEE_UNBOX:
++ip;
break;
- case CEE_LDELEM_ANY:
+ case CEE_LDELEM:
code_bounds_check (5);
do_ldelem (&ctx, *ip, read32 (ip + 1));
ip += 5;
break;
- case CEE_STELEM_ANY:
+ case CEE_STELEM:
code_bounds_check (5);
do_stelem (&ctx, *ip, read32 (ip + 1));
ip += 5;
ip += 5;
break;
- case CEE_UNUSED56:
- ++ip;
- break;
-
case CEE_LDARG:
case CEE_LDARGA:
code_bounds_check (3);
++ip;
break;
+ case CEE_UNUSED56:
case CEE_UNUSED57:
+ case CEE_UNUSED70:
+ case CEE_UNUSED:
+ ADD_VERIFY_ERROR (&ctx, g_strdup_printf ("Use of the `unused' opcode"));
++ip;
break;
case CEE_ENDFILTER:
start = 1;
++ip;
break;
- case CEE_UNUSED:
- ++ip;
- break;
case CEE_SIZEOF:
code_bounds_check (5);
CODE_NOT_VERIFIABLE (&ctx, g_strdup_printf ("Invalid call to a non-final virtual function in method with stdarg.0 or ldarga.0 at 0x%04x", i));
}
- if (mono_method_is_constructor (ctx.method) && !ctx.super_ctor_called && !ctx.method->klass->valuetype && ctx.method->klass != mono_defaults.object_class)
- CODE_NOT_VERIFIABLE (&ctx, g_strdup_printf ("Constructor not calling super\n"));
+ if (mono_method_is_constructor (ctx.method) && !ctx.super_ctor_called && !ctx.method->klass->valuetype && ctx.method->klass != mono_defaults.object_class) {
+ char *method_name = mono_method_full_name (ctx.method, TRUE);
+ char *type = mono_type_get_full_name (ctx.method->klass);
+ if (ctx.method->klass->parent && ctx.method->klass->parent->exception_type != MONO_EXCEPTION_NONE)
+ CODE_NOT_VERIFIABLE (&ctx, g_strdup_printf ("Constructor %s for type %s not calling base type ctor due to a TypeLoadException on base type.", method_name, type));
+ else
+ CODE_NOT_VERIFIABLE (&ctx, g_strdup_printf ("Constructor %s for type %s not calling base type ctor.", method_name, type));
+ g_free (method_name);
+ g_free (type);
+ }
cleanup:
if (ctx.code) {
mono_metadata_free_type (tmp->data);
g_slist_free (ctx.exception_types);
- for (i = 0; i < ctx.num_locals; ++i)
- mono_metadata_free_type (ctx.locals [i]);
- for (i = 0; i < ctx.max_args; ++i)
- mono_metadata_free_type (ctx.params [i]);
+ for (i = 0; i < ctx.num_locals; ++i) {
+ if (ctx.locals [i])
+ mono_metadata_free_type (ctx.locals [i]);
+ }
+ for (i = 0; i < ctx.max_args; ++i) {
+ if (ctx.params [i])
+ mono_metadata_free_type (ctx.params [i]);
+ }
if (ctx.eval.stack)
g_free (ctx.eval.stack);
return NULL;
}
-static MiniVerifierMode verifier_mode = MONO_VERIFIER_MODE_OFF;
-static gboolean verify_all = FALSE;
-
-/*
- * Set the desired level of checks for the verfier.
- *
- */
-void
-mono_verifier_set_mode (MiniVerifierMode mode)
-{
- verifier_mode = mode;
-}
-
-void
-mono_verifier_enable_verify_all ()
-{
- verify_all = TRUE;
-}
-
/*
* Returns true if @method needs to be verified.
*
return verify_all || (verifier_mode > MONO_VERIFIER_MODE_OFF && !klass->image->assembly->in_gac && klass->image != mono_defaults.corlib);
}
+gboolean
+mono_verifier_is_enabled_for_image (MonoImage *image)
+{
+ return verify_all || verifier_mode > MONO_VERIFIER_MODE_OFF;
+}
+
gboolean
mono_verifier_is_method_full_trust (MonoMethod *method)
{
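Review bot: `mono_verifier_is_enabled_for_image` ignores its `image` argument, so unlike `mono_verifier_is_enabled_for_class` just above (L748), which exempts GAC assemblies and corlib, the image-level switch is on for every image whenever the mode is above OFF. If that asymmetry is intentional, a comment should say so, e.g. `/* Deliberately coarser than the per-class check: no GAC/corlib exemption, since image-level metadata checks apply to every loaded image once the verifier is on. */`; if not, mirror the class check with `image->assembly` and `mono_defaults.corlib`, taking care that `image->assembly` may not be set yet for an image that is still loading. The unused parameter will also trip `-Wunused-parameter`.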
return TRUE;
}
+static guint
+field_hash (gconstpointer key)
+{
+ const MonoClassField *field = key;
+ return g_str_hash (field->name) ^ mono_metadata_type_hash (field->type); /**/
+}
+
+static gboolean
+field_equals (gconstpointer _a, gconstpointer _b)
+{
+ const MonoClassField *a = _a;
+ const MonoClassField *b = _b;
+ return !strcmp (a->name, b->name) && mono_metadata_type_equal (a->type, b->type);
+}
+
+
+static gboolean
+verify_class_fields (MonoClass *class)
+{
+ gpointer iter = NULL;
+ MonoClassField *field;
+ MonoGenericContext *context = mono_class_get_context (class);
+ GHashTable *unique_fields = g_hash_table_new_full (&field_hash, &field_equals, NULL, NULL);
+ if (class->generic_container)
+ context = &class->generic_container->context;
+
+ while ((field = mono_class_get_fields (class, &iter)) != NULL) {
+ if (!mono_type_is_valid_type_in_context (field->type, context)) {
+ g_hash_table_destroy (unique_fields);
+ return FALSE;
+ }
+ if (g_hash_table_lookup (unique_fields, field)) {
+ g_hash_table_destroy (unique_fields);
+ return FALSE;
+ }
+ g_hash_table_insert (unique_fields, field, field);
+ }
+ g_hash_table_destroy (unique_fields);
+ return TRUE;
+}
+
+static gboolean
+verify_interfaces (MonoClass *class)
+{
+ int i;
+ for (i = 0; i < class->interface_count; ++i) {
+ MonoClass *iface = class->interfaces [i];
+ if (!(iface->flags & TYPE_ATTRIBUTE_INTERFACE))
+ return FALSE;
+ }
+ return TRUE;
+}
+
+static gboolean
+verify_valuetype_layout_with_target (MonoClass *class, MonoClass *target_class)
+{
+ int type;
+ gpointer iter = NULL;
+ MonoClassField *field;
+ MonoClass *field_class;
+
+ if (!class->valuetype)
+ return TRUE;
+
+ type = class->byval_arg.type;
+ /*primitive type fields are not properly decoded*/
+ if ((type >= MONO_TYPE_BOOLEAN && type <= MONO_TYPE_R8) || (type >= MONO_TYPE_I && type <= MONO_TYPE_U))
+ return TRUE;
+
+ while ((field = mono_class_get_fields (class, &iter)) != NULL) {
+ if (!field->type)
+ return FALSE;
+
+ if (field->type->attrs & (FIELD_ATTRIBUTE_STATIC | FIELD_ATTRIBUTE_HAS_FIELD_RVA))
+ continue;
+
+ field_class = mono_class_get_generic_type_definition (mono_class_from_mono_type (field->type));
+
+ if (field_class == target_class || class == field_class || !verify_valuetype_layout_with_target (field_class, target_class))
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+static gboolean
+verify_valuetype_layout (MonoClass *class)
+{
+ gboolean res;
+ res = verify_valuetype_layout_with_target (class, class);
+ return res;
+}
+
/*
* Check if the class is verifiable.
*
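Review bot: `verify_interfaces` reads `class->interfaces [i]` without first ensuring the interface table has been populated, so if `interface_count` is non-zero while `interfaces` is still unset, `iface->flags` dereferences a NULL pointer instead of failing verification; a `mono_class_setup_interfaces (class);` before the loop, with a `return FALSE` when `class->exception_type` is set afterwards, would close that. `field_hash` also hashes `field->type` unconditionally, yet `verify_valuetype_layout_with_target` treats a NULL `field->type` as a reachable case, so unless `mono_type_is_valid_type_in_context` rejects a NULL type before the hash-table lookup, a field with an undecodable type crashes the verifier rather than returning FALSE — worth a `if (!field->type) { g_hash_table_destroy (unique_fields); return FALSE; }` guard at the top of the loop body. The trailing `/**/` on the `field_hash` return line is leftover noise. Finally, `mono_verifier_is_enabled_for_image` ignores its `image` parameter while the class-level check additionally excludes GAC assemblies and corlib; a comment such as `/* Image-level enablement is deliberately coarser than the per-class check: GAC and corlib are only excluded per class. */` would stop readers from assuming the two agree. Hunk boundaries here are inferred, since the `@@` headers were lost in rendering.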
gboolean
mono_verifier_verify_class (MonoClass *class)
{
+ /*Neither <Module>, object or ifaces have parent.*/
+ if (!class->parent &&
+ class != mono_defaults.object_class &&
+ !MONO_CLASS_IS_INTERFACE (class) &&
+ (!class->image->dynamic && class->type_token != 0x2000001)) /*<Module> is the first type in the assembly*/
+ return FALSE;
+ if (class->parent && MONO_CLASS_IS_INTERFACE (class->parent))
+ return FALSE;
if (class->generic_container && (class->flags & TYPE_ATTRIBUTE_LAYOUT_MASK) == TYPE_ATTRIBUTE_EXPLICIT_LAYOUT)
return FALSE;
if (!verify_class_for_overlapping_reference_fields (class))
return FALSE;
-
if (class->generic_class && !mono_class_is_valid_generic_instantiation (NULL, class))
return FALSE;
+ if (class->generic_class == NULL && !verify_class_fields (class))
+ return FALSE;
+ if (class->valuetype && !verify_valuetype_layout (class))
+ return FALSE;
+ if (!verify_interfaces (class))
+ return FALSE;
+ return TRUE;
+}
+#else
+
+gboolean
+mono_verifier_verify_class (MonoClass *class)
+{
+ /* The verifier was disabled at compile time */
+ return TRUE;
+}
+
+GSList*
+mono_method_verify_with_current_settings (MonoMethod *method, gboolean skip_visibility)
+{
+ /* The verifier was disabled at compile time */
+ return NULL;
+}
+
+gboolean
+mono_verifier_is_class_full_trust (MonoClass *klass)
+{
+ /* The verifier was disabled at compile time */
return TRUE;
}
+
+gboolean
+mono_verifier_is_method_full_trust (MonoMethod *method)
+{
+ /* The verifier was disabled at compile time */
+ return TRUE;
+}
+
+gboolean
+mono_verifier_is_enabled_for_image (MonoImage *image)
+{
+ /* The verifier was disabled at compile time */
+ return FALSE;
+}
+
+gboolean
+mono_verifier_is_enabled_for_class (MonoClass *klass)
+{
+ /* The verifier was disabled at compile time */
+ return FALSE;
+}
+
+gboolean
+mono_verifier_is_enabled_for_method (MonoMethod *method)
+{
+ /* The verifier was disabled at compile time */
+ return FALSE;
+}
+
+GSList*
+mono_method_verify (MonoMethod *method, int level)
+{
+ /* The verifier was disabled at compile time */
+ return NULL;
+}
+
+void
+mono_free_verify_list (GSList *list)
+{
+ /* The verifier was disabled at compile time */
+ /* will always be null if verifier is disabled */
+}
+
+GSList*
+mono_image_verify_tables (MonoImage *image, int level)
+{
+ /* The verifier was disabled at compile time */
+ return NULL;
+}
+#endif
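Review bot: `verify_valuetype_layout_with_target` can recurse without bound on crafted metadata, because it only detects cycles that pass through `target_class` (or a class embedding itself directly). For a root A whose field is of value type B, where B embeds C by value and C embeds B by value, the walk goes A→B→C→B→C… and neither `field_class == target_class` nor `class == field_class` ever fires, so verifying A exhausts the stack unless class loading has already rejected B and C (not something this hunk guarantees). Tracking the containment path instead of a single target fixes this while keeping every rejection the current code makes; `verify_valuetype_layout` then becomes `return verify_valuetype_layout_with_target (class, NULL);`. The `0x2000001` literal in `mono_verifier_verify_class` would also read better as a named constant with a comment that it is the token of the first TypeDef (`<Module>`).
```c
static gboolean
verify_valuetype_layout_with_target (MonoClass *class, GSList *path)
{
	gboolean res = TRUE;
	/* … unchanged: iter/field/field_class locals, valuetype and primitive early-outs … */

	/* A class already on the containment path embeds itself (possibly indirectly):
	 * reject instead of recursing until the stack is exhausted. */
	if (g_slist_find (path, class))
		return FALSE;
	path = g_slist_prepend (path, class);

	while ((field = mono_class_get_fields (class, &iter)) != NULL) {
		if (!field->type) {
			res = FALSE;
			break;
		}
		if (field->type->attrs & (FIELD_ATTRIBUTE_STATIC | FIELD_ATTRIBUTE_HAS_FIELD_RVA))
			continue;
		field_class = mono_class_get_generic_type_definition (mono_class_from_mono_type (field->type));
		if (!verify_valuetype_layout_with_target (field_class, path)) {
			res = FALSE;
			break;
		}
	}

	/* Free only the node this frame pushed; the caller still owns the rest of the path. */
	g_slist_free_1 (path);
	return res;
}
```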