http://bugzilla.novell.com/show_bug.cgi?id=630001
http://bugzilla.novell.com/show_bug.cgi?id=630001#c0 Summary: Mono doesn't validate sizes of heaps / streams Classification: Mono Product: Mono: Runtime Version: 2.6.x Platform: All OS/Version: All Status: NEW Severity: Minor Priority: P5 - None Component: misc AssignedTo: [email protected] ReportedBy: [email protected] QAContact: [email protected] Found By: --- Blocker: --- Created an attachment (id=381963) --> (http://bugzilla.novell.com/attachment.cgi?id=381963) zip containing example executables User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; pl; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 ( .NET CLR 3.5.30729; .NET4.0E) I'm not sure if this should be regarded as a bug, but mono doesn't seem to validate sizes of heaps/streams. I'm not sure if this is in specification, but it seems that microsoft implementation doesn't allow two things: * streams cannot exceed metadata size, that is stream.offset + stream.size < meta.size (and probably also stream.offset < meta.size, although I'm not sure about that one) * streams cannot overlap: * end of a stream (stream.offset + stream.size) cannot fall into any other stream, * given stream cannot contain other stream I'm attaching two executables illustrating both problems. They run in mono, but doesn't run in ms .net runtime. Reproducible: Always Steps to Reproduce: 1. 2. 3. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA contact for the bug. You are the assignee for the bug. _______________________________________________ mono-bugs maillist - [email protected] http://lists.ximian.com/mailman/listinfo/mono-bugs
