http://bugzilla.novell.com/show_bug.cgi?id=558124
http://bugzilla.novell.com/show_bug.cgi?id=558124#c0 Summary: [verifier] SIGSEGV in inflate_generic_type on a bad assembly Classification: Mono Product: Mono: Runtime Version: 2.6.x Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: misc AssignedTo: [email protected] ReportedBy: [email protected] QAContact: [email protected] Found By: --- Blocker: --- Created an attachment (id=329288) --> (http://bugzilla.novell.com/attachment.cgi?id=329288) assembly to reproduce crash The function inflate_generic_type use the image* parameter 3 times. However it's being called by: MonoType* mono_class_inflate_generic_type_checked (MonoType *type, MonoGenericContext *context, MonoError *error) { return mono_class_inflate_generic_type_with_mempool (NULL, type, context, error); } which calls inflate_generic_type if context is not NULL if (context) inflated = inflate_generic_type (image, type, context, error); GCC inlining hides that a bit in the following stack trace. gdb --args pedump --verify all System.72329.dll Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7fc5b35cd710 (LWP 19985)] 0x000000000041b859 in inflate_generic_type (image=0x0, type=0x8837e8, context=0x87f228, error=0x7fffbb5ee030) at class.c:532 532 mono_error_set_bad_image (error, image->module_name, "VAR %d (%s) cannot be expanded in this context with %d instantiations", (gdb) bt #0 0x000000000041b859 in inflate_generic_type (image=0x0, type=0x8837e8, context=0x87f228, error=0x7fffbb5ee030) at class.c:532 #1 0x000000000041ca09 in mono_class_inflate_generic_type_with_mempool (image=0x0, type=0x8837e8, context=0x87f228, error=0x7fffbb5ee030) at class.c:667 #2 0x0000000000495d22 in mono_method_verify (method=<value optimized out>, level=<value optimized out>) at verify.c:4943 #3 0x000000000040daed in main (argc=8430352, argv=<value optimized out>) at pedump.c:374 (gdb) up 2 #2 0x0000000000495d22 in mono_method_verify (method=<value optimized out>, level=<value optimized out>) at verify.c:4943 4943 ctx.locals [i] = mono_class_inflate_generic_type_checked (ctx.locals [i], ctx.generic_context, &error); (gdb) p ctx $1 = {max_args = 1, max_stack = 5, verifiable = 1, valid = 1, level = 135, code_size = 88, code = 0x887750, eval = {stack = 0x0, size = 0, flags = 0}, params = 0x87af10, list = 0x0, funptrs = 0x0, exception_types = 0x0, num_locals = 3, locals = 0x87a2b0, target = 0, ip_offset = 0, signature = 0x883770, header = 0x883798, generic_context = 0x87f228, image = 0x85da80, method = 0x883740, has_this_store = 0, super_ctor_called = 0, prefix_set = 0, has_flags = 0, constrained_type = 0x0} (gdb) p i $2 = 0 (gdb) p ctx.locals[i] $3 = (MonoType *) 0x8837e8 (gdb) p *ctx.locals[i] $4 = {data = {klass = 0x8837d0, type = 0x8837d0, array = 0x8837d0, method = 0x8837d0, generic_param = 0x8837d0, generic_class = 0x8837d0}, attrs = 0, type = MONO_TYPE_VAR, num_mods = 0, byref = 0, pinned = 0, modifiers = 0x8837f4} -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug. _______________________________________________ mono-bugs maillist - [email protected] http://lists.ximian.com/mailman/listinfo/mono-bugs
