http://bugzilla.novell.com/show_bug.cgi?id=558145
http://bugzilla.novell.com/show_bug.cgi?id=558145#c0

           Summary: [verifier] SIGSEGV in mono_method_verify/mono_type_fullname on a bad assembly
    Classification: Mono
           Product: Mono: Runtime
           Version: 2.6.x
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: misc
        AssignedTo: [email protected]
        ReportedBy: [email protected]
         QAContact: [email protected]
          Found By: ---
           Blocker: ---

note: The only test case I got (so far) is the same as #558124 (see binary attachment) when the included patch is applied.

The problem is that mono_class_inflate_generic_type_checked can return NULL when it sets an error (erasing the existing, non-null, un-inflated MonoType*). However, if an error occurs, the code in mono_method_verify tries to determine the full name of the type (using mono_type_full_name), leading to the SIGSEGV.

There also seems to be a typo in the second loop (around line 4945) between ctx.params and ctx.locals.

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fb925855710 (LWP 7361)]
mono_type_get_desc (res=0x884540, type=0x0, include_namespace=1) at debug-helpers.c:94
94 switch (type->type) {
(gdb) bt
#0 mono_type_get_desc (res=0x884540, type=0x0, include_namespace=1) at debug-helpers.c:94
#1 0x0000000000423500 in mono_type_full_name (type=0x0) at debug-helpersc:197
#2 0x0000000000495d72 in mono_method_verify (method=<value optimized out>, level=<value optimized out>) at verify.c:4945
#3 0x000000000040daed in main (argc=8430352, argv=<value optimized out>) at pedump.c:374
(gdb) up 2
#2 0x0000000000495d72 in mono_method_verify (method=<value optimized out>, level=<value optimized out>) at verify.c:4945
4945 char *name = mono_type_full_name (ctx.locals [i]);
(gdb) p i
$1 = 0
(gdb) p ctx.locals [i]
$2 = (MonoType *) 0x0
(gdb) p ctx
$3 = {max_args = 1, max_stack = 5, verifiable = 1, valid = 1, level = 135, code_size = 88, code = 0x887750, eval = {stack = 0x0, size = 0, flags = 0}, params = 0x87af10, list = 0x0, funptrs = 0x0, exception_types = 0x0, num_locals = 3, locals = 0x87a2b0, target = 0, ip_offset = 0, signature = 0x883770, header = 0x883798, generic_context = 0x87f228, image = 0x85da80, method = 0x883740, has_this_store = 0, super_ctor_called = 0, prefix_set = 0, has_flags = 0, constrained_type = 0x0}
(gdb) p ctx.num_locals
$4 = 3
(gdb) p ctx.locals [1]
$5 = (MonoType *) 0x516390
(gdb) p ctx.locals [2]
$6 = (MonoType *) 0x883810
(gdb) p error
$7 = {error_code = 5, hidden_0 = 0, hidden_1 = {0x0, 0x50f210, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa3a0010010a, 0x21d00000000, 0x620000001f, 0x300, 0xa5e00100001}, hidden_2 = "VAR 2 () cannot be expanded in this context with 1 instantiations\000<$\000\000\000\000\000\003\000\000\000\000\000\...@7\210\000\000\000\000\000\200�\205\000\000\000\000\000\t\000\000\002\000\000\000\000\200�\205\000\000\000\000\000[", '\0' <repeats 14 times>}
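The failure pattern described in the report, next to a guarded form, as an added example that is not part of the bug report and is not Mono's code. Type, inflate_checked, inflate_in_place and inflate_guarded are hypothetical stand-ins, and the sample locals are constructed to mirror the gdb session (three locals, local 0 being generic VAR 2 with one instantiation).

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for illustration; not Mono's real types or API. */
typedef struct { const char *name; int var_index; } Type; /* var_index < 0: not generic */

/* Models a "checked" inflate: returns NULL and sets *err when it fails. */
static const Type *inflate_checked(const Type *t, int n_inst, int *err) {
    static const Type inflated = { "System.Int32", -1 };
    *err = 0;
    if (t->var_index < 0) return t;                        /* nothing to expand */
    if (t->var_index >= n_inst) { *err = 1; return NULL; } /* VAR out of range */
    return &inflated;
}

/* Pattern from the report: the result overwrites the slot, so on error the
   slot is already NULL when the error path wants the type's name. */
static int inflate_in_place(const Type **slots, int n, int n_inst) {
    for (int i = 0; i < n; i++) {
        int err;
        slots[i] = inflate_checked(slots[i], n_inst, &err);
        if (err) return i;  /* slots[i] == NULL here; naming it would crash */
    }
    return -1;
}

/* Guarded form: inflate into a temporary and commit only on success, so the
   un-inflated type is still available for the diagnostic. */
static int inflate_guarded(const Type **slots, int n, int n_inst, char *msg, size_t len) {
    msg[0] = '\0';
    for (int i = 0; i < n; i++) {
        int err;
        const Type *tmp = inflate_checked(slots[i], n_inst, &err);
        if (err || !tmp) {
            snprintf(msg, len, "Invalid local %d of type %s", i, slots[i]->name);
            return i;
        }
        slots[i] = tmp;
    }
    return -1;
}

int main(void) {
    /* Constructed input: local 0 is VAR 2, but only 1 instantiation exists. */
    const Type v = {"!2", 2}, o = {"System.Object", -1}, s = {"System.String", -1};
    const Type *locals[3] = { &v, &o, &s };
    char msg[64];
    printf("%d: %s\n", inflate_guarded(locals, 3, 1, msg, sizeof msg), msg);
    return 0;
}
```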
