projects
/
mono.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
8d17a32
)
[verifier] Allow byref in PropertySig blobs. Fixes #59180
author
Rodrigo Kumpera
<kumpera@gmail.com>
Tue, 12 Sep 2017 17:30:13 +0000
(10:30 -0700)
committer
Marek Safar
<marek.safar@gmail.com>
Tue, 19 Sep 2017 11:54:28 +0000
(13:54 +0200)
mono/metadata/metadata-verify.c
patch
|
blob
|
history
diff --git
a/mono/metadata/metadata-verify.c
b/mono/metadata/metadata-verify.c
index 666c158332e59a59b3bcbb48ea0328defc7a9dd5..e898178e00a1532a253acbf3adea8e23787c6fd9 100644
(file)
--- a/
mono/metadata/metadata-verify.c
+++ b/
mono/metadata/metadata-verify.c
@@
-1514,6
+1514,7
@@
parse_method_signature (VerifyContext *ctx, const char **_ptr, const char *end,
static gboolean
parse_property_signature (VerifyContext *ctx, const char **_ptr, const char *end)
{
static gboolean
parse_property_signature (VerifyContext *ctx, const char **_ptr, const char *end)
{
+ unsigned type = 0;
unsigned sig = 0;
unsigned param_count = 0, i;
const char *ptr = *_ptr;
unsigned sig = 0;
unsigned param_count = 0, i;
const char *ptr = *_ptr;
@@
-1530,6
+1531,13
@@
parse_property_signature (VerifyContext *ctx, const char **_ptr, const char *end
if (!parse_custom_mods (ctx, &ptr, end))
return FALSE;
if (!parse_custom_mods (ctx, &ptr, end))
return FALSE;
+ if (!safe_read8 (type, ptr, end))
+ FAIL (ctx, g_strdup ("PropertySig: Not enough room for the type"));
+
+ //check if it's a byref. safe_read8 did update ptr, so we rollback if it's not a byref
+ if (type != MONO_TYPE_BYREF)
+ --ptr;
+
if (!parse_type (ctx, &ptr, end))
FAIL (ctx, g_strdup ("PropertySig: Could not parse property type"));
if (!parse_type (ctx, &ptr, end))
FAIL (ctx, g_strdup ("PropertySig: Could not parse property type"));