http://bugzilla.novell.com/show_bug.cgi?id=581412
http://bugzilla.novell.com/show_bug.cgi?id=581412#c0 Summary: General comment on bounds checking Classification: Mono Product: Mono: Class Libraries Version: 2.6.x Platform: All OS/Version: All Status: NEW Severity: Normal Priority: P5 - None Component: System AssignedTo: [email protected] ReportedBy: [email protected] QAContact: [email protected] Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2) Gecko/20100218 Ubuntu/10.04 (lucid) Firefox/3.6 Howdy. I was looking at Socket and NetworkStream, but this might be more widespread... Bounds tend to be checked with: if (offset < 0 || offset > bufferLength) { throw ... } if (size < 0 || offset + size > bufferLength) { throw ... } Suppose offset were 1 and size were int.MaxValue. After the first check, the second really ought to be if (size < 0 || size > bufferLength - offset) { throw ... } Reproducible: Always -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug. You are the assignee for the bug. _______________________________________________ mono-bugs maillist - [email protected] http://lists.ximian.com/mailman/listinfo/mono-bugs
