http://bugzilla.novell.com/show_bug.cgi?id=558230
http://bugzilla.novell.com/show_bug.cgi?id=558230#c0

           Summary: [verifier] SIGSEGV in mono_class_is_open_constructed_type on a bad assembly
    Classification: Mono
           Product: Mono: Runtime
           Version: 2.6.x
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: misc
        AssignedTo: [email protected]
        ReportedBy: [email protected]
         QAContact: [email protected]
          Found By: ---
           Blocker: ---

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fd1a07c1710 (LWP 20431)]
0x00000000004135d7 in mono_class_is_open_constructed_type (t=0x0) at class.c:478
478        switch (t->type) {
(gdb) bt
#0  0x00000000004135d7 in mono_class_is_open_constructed_type (t=0x0) at class.c:478
#1  0x000000000044a1a5 in mono_metadata_get_generic_inst (type_argc=1, type_argv=0x863530) at metadata.c:2393
#2  0x000000000044b810 in mono_metadata_inflate_generic_inst (ginst=0x863620, context=0x87f268) at metadata.c:2507
#3  0x000000000041b7cd in inflate_generic_type (image=0x0, type=0x87f8d0, context=0x87f268, error=<value optimized out>) at class.c:571
#4  0x000000000041c96a in mono_type_retrieve_from_typespec (image=<value optimized out>, type_spec=<value optimized out>, context=0x87f268, did_inflate=0x7fffa87dfff4) at class.c:5095
#5  0x000000000041cc84 in mono_class_get_full (image=0x85da80, type_token=8795440, context=0x50da40) at class.c:5117
#6  0x000000000042f552 in mono_field_from_token (image=0x85da80, token=167772270, retklass=0x7fffa87e00a8, context=0x87f268) at loader.c:447
#7  0x000000000049488f in verifier_load_field (ctx=0x7fffa87e0310, token=167772270, out_klass=0x7fffa87e00f0, opcode=0x523f3b "stfld") at verify.c:826
#8  0x000000000049492e in check_is_valid_type_for_field_ops (ctx=0x0, token=8795440, obj=0x862bc0, ret_field=0x7fffa87e0128, opcode=0x2525252525252525 <Address 0x2525252525252525 out of bounds>) at verify.c:3542
#9  0x0000000000494fd3 in do_store_field (ctx=0x7fffa87e0310, token=167772270) at verify.c:3621
#10 0x000000000049a5fd in mono_method_verify (method=<value optimized out>, level=<value optimized out>) at verify.c:5525
#11 0x000000000040daed in main (argc=8430352, argv=<value optimized out>) at pedump.c:374

The loop calling mono_class_inflate_generic_type in
mono_metadata_inflate_generic_inst (#2) does not check the result, which can be
NULL on error, and then goes on to call mono_metadata_get_generic_inst (#1)
with a vector that contains NULL values (which the code does not handle).

The solution seems to be to change the call to use
mono_class_inflate_generic_type_checked (easy) then deal with/propagate the
error upward (less fun).
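
The check-and-propagate pattern the report asks for, as an added example that is not Mono's code and not part of the original report. Type, GenericInst and all function names below are hypothetical stand-ins that only model "inflate may return NULL" and "the consumer dereferences every element".

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins, not Mono's types. kind < 0 models a type from a
 * bad assembly that cannot be inflated. */
typedef struct { int kind; } Type;
typedef struct { size_t argc; Type **argv; } GenericInst;

/* Models a "_checked" inflate: returns NULL and sets *err on failure. */
static Type *inflate_type_checked(const Type *t, int *err) {
    if (t->kind < 0) { *err = 1; return NULL; }
    Type *r = malloc(sizeof *r);
    if (!r) { *err = 1; return NULL; }
    r->kind = t->kind + 100;
    return r;
}

/* Consumer that dereferences every element, as frame #0 does with t->type. */
static int count_inflated(Type **argv, size_t argc) {
    int n = 0;
    for (size_t i = 0; i < argc; i++)
        if (argv[i]->kind >= 100) n++;
    return n;
}

/* Hardened loop: test each result, stop at the first NULL, release what was
 * built so far, and return the error instead of passing the vector on. */
static int inflate_inst_checked(const GenericInst *in, int *out_count) {
    int err = 0;
    size_t i;
    Type **argv = calloc(in->argc, sizeof *argv);
    if (!argv && in->argc) return -1;
    for (i = 0; i < in->argc; i++) {
        argv[i] = inflate_type_checked(in->argv[i], &err);
        if (!argv[i]) break;          /* the unchecked loop kept going here */
    }
    if (!err) *out_count = count_inflated(argv, in->argc);
    for (size_t j = 0; j < i; j++) free(argv[j]);
    free(argv);
    return err ? -1 : 0;              /* caller must handle -1 */
}

int main(void) {
    Type a = {1}, bad = {-1};         /* constructed sample input */
    Type *args[] = { &a, &bad };
    GenericInst gi = { 2, args };
    int n = 0;
    printf("rc=%d\n", inflate_inst_checked(&gi, &n));
    return 0;
}
```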
