XmlTextReader.Read throws ArgumentNullException #1409

Open
Metalnem opened this issue Feb 9, 2019 · 13 comments

@Metalnem

Metalnem commented Feb 9, 2019

DataContractSerializer.ReadObject sometimes throws ArgumentNullException. Here's the full program that reproduces this:

using System.IO;
using System.Runtime.Serialization;
using System.Text;

namespace CoreFX.Fuzz
{
  public class Program
  {
    [DataContract]
    private class Obj { }

    public static void Main(string[] args)
    {
      var xml = @"<Program.Obj xmlns=""http://schemas.datacontract.org/2004/07/CoreFX.Fuzz""><s:";
      var bytes = Encoding.UTF8.GetBytes(xml);
      var stream = new MemoryStream(bytes);
      var serializer = new DataContractSerializer(typeof(Obj));

      serializer.ReadObject(stream);
    }
  }
}

The stack trace:

Exception has occurred: CLR/System.ArgumentNullException
An unhandled exception of type 'System.ArgumentNullException' occurred in System.Private.Xml.dll: 'The empty string '' is not a valid local name.'
   at System.Xml.XmlConvert.VerifyNCName(String name, ExceptionType exceptionType)
   at System.Xml.XmlConvert.VerifyNCName(String name)
   at System.Xml.XmlUTF8TextReader.VerifyNCName(String s)
   at System.Xml.XmlUTF8TextReader.ReadQualifiedName(PrefixHandle prefix, StringHandle localName)
   at System.Xml.XmlUTF8TextReader.ReadStartElement()
   at System.Xml.XmlUTF8TextReader.Read()
   at System.Runtime.Serialization.XmlReaderDelegator.Read()
   at System.Runtime.Serialization.ClassDataContract.ReadXmlValue(XmlReaderDelegator xmlReader, XmlObjectSerializerReadContext context)
   at System.Runtime.Serialization.XmlObjectSerializerReadContext.ReadDataContractValue(DataContract dataContract, XmlReaderDelegator reader)
   at System.Runtime.Serialization.XmlObjectSerializerReadContext.InternalDeserialize(XmlReaderDelegator reader, String name, String ns, DataContract& dataContract)
   at System.Runtime.Serialization.XmlObjectSerializerReadContext.InternalDeserialize(XmlReaderDelegator xmlReader, Type declaredType, DataContract dataContract, String name, String ns)
   at System.Runtime.Serialization.DataContractSerializer.InternalReadObject(XmlReaderDelegator xmlReader, Boolean verifyObjectName, DataContractResolver dataContractResolver)
   at System.Runtime.Serialization.XmlObjectSerializer.ReadObjectHandleExceptions(XmlReaderDelegator reader, Boolean verifyObjectName, DataContractResolver dataContractResolver)
   at System.Runtime.Serialization.XmlObjectSerializer.ReadObject(XmlDictionaryReader reader)
   at System.Runtime.Serialization.XmlObjectSerializer.ReadObject(Stream stream)

The environment:

.NET Core SDK (reflecting any global.json):
 Version:   2.2.103
 Commit:    8edbc2570a

Runtime Environment:
 OS Name:     Mac OS X
 OS Version:  10.14
 OS Platform: Darwin
 RID:         osx.10.14-x64
 Base Path:   /usr/local/share/dotnet/sdk/2.2.103/

Found via SharpFuzz.

@danmoseley
Member

Questionable choice of exception for XML to throw on malformed XML.

@danmoseley
Member

This type is actually internal to DCS.

@Lxiamail
Member

Lxiamail commented Apr 3, 2019

We should throw an exception other than ArgumentNullException. However, because the issue was not reported from a real-world scenario, this is a lower-priority issue.

@StephenBonikowsky transferred this issue from dotnet/corefx Jan 7, 2020
@Dotnet-GitSync-Bot added the area-Serialization and untriaged labels Jan 7, 2020
@StephenBonikowsky added this to the Future milestone Jan 7, 2020
@StephenBonikowsky added this to Future P2 (Backlog) in WCF Owned Areas Jan 7, 2020
@StephenBonikowsky added the bug label and removed the untriaged label Jan 7, 2020
@maryamariyan added the untriaged label Feb 23, 2020
@StephenBonikowsky removed the untriaged label Feb 28, 2020
@StephenBonikowsky
Member

Simple fix, low priority scenario.
@imcarolwang Could you add this as something for your team to try fixing.

@StephenBonikowsky removed this from the Future milestone Mar 5, 2020
@HongGit added this to the Future milestone Jul 1, 2020
@HongGit
Contributor

HongGit commented Jul 1, 2020

@imcarolwang is this still on your radar?

@imcarolwang
Contributor

I've checked this one, but my "repro" only gets part of the exception stack and doesn't throw ArgumentException; it looks like the output below. I've run the repro project targeting .NET Core 2.1, 2.2 and 3.1, and all get the same result.

System.Runtime.Serialization.SerializationException
HResult=0x8013150C
Message=Error in line 1 position 74. Expecting element 'Program.Obj' from namespace 'http://schemas.datacontract.org/2004/07/NetCoreApp1'.. Encountered 'Element' with name 'Program.Obj', namespace 'http://schemas.datacontract.org/2004/07/CoreFX.Fuzz'.
Source=System.Private.DataContractSerialization
StackTrace:
at System.Runtime.Serialization.DataContractSerializer.InternalReadObject(XmlReaderDelegator xmlReader, Boolean verifyObjectName, DataContractResolver dataContractResolver)
at System.Runtime.Serialization.XmlObjectSerializer.ReadObjectHandleExceptions(XmlReaderDelegator reader, Boolean verifyObjectName, DataContractResolver dataContractResolver)
at System.Runtime.Serialization.XmlObjectSerializer.ReadObject(XmlDictionaryReader reader)
at System.Runtime.Serialization.XmlObjectSerializer.ReadObject(Stream stream)

@HongGit
Contributor

HongGit commented Oct 8, 2020

@Metalnem is this still an issue with you?

@danmoseley
Member

@imcarolwang I just pasted this code in and ran it against latest 6.0 bits:

dan@danmose3:~/1$ ../dotnet/dotnet run
Unhandled exception. System.ArgumentNullException: The empty string '' is not a valid local name. (Parameter 'name')
   at System.Xml.XmlConvert.VerifyNCName(String name, ExceptionType exceptionType)
   at System.Xml.XmlConvert.VerifyNCName(String name)
   at System.Xml.XmlUTF8TextReader.VerifyNCName(String s)
   at System.Xml.XmlUTF8TextReader.ReadQualifiedName(PrefixHandle prefix, StringHandle localName)
   at System.Xml.XmlUTF8TextReader.ReadStartElement()
   at System.Xml.XmlUTF8TextReader.Read()
   at System.Runtime.Serialization.XmlReaderDelegator.Read()
   at System.Runtime.Serialization.ClassDataContract.ReadXmlValue(XmlReaderDelegator xmlReader, XmlObjectSerializerReadContext context)
   at System.Runtime.Serialization.XmlObjectSerializerReadContext.ReadDataContractValue(DataContract dataContract, XmlReaderDelegator reader)
   at System.Runtime.Serialization.XmlObjectSerializerReadContext.InternalDeserialize(XmlReaderDelegator reader, String name, String ns, Type declaredType, DataContract& dataContract)
   at System.Runtime.Serialization.XmlObjectSerializerReadContext.InternalDeserialize(XmlReaderDelegator xmlReader, Type declaredType, DataContract dataContract, String name, String ns)
   at System.Runtime.Serialization.DataContractSerializer.InternalReadObject(XmlReaderDelegator xmlReader, Boolean verifyObjectName, DataContractResolver dataContractResolver)
   at System.Runtime.Serialization.XmlObjectSerializer.ReadObjectHandleExceptions(XmlReaderDelegator reader, Boolean verifyObjectName, DataContractResolver dataContractResolver)
   at System.Runtime.Serialization.XmlObjectSerializer.ReadObject(XmlDictionaryReader reader)
   at System.Runtime.Serialization.XmlObjectSerializer.ReadObject(Stream stream)
   at CoreFX.Fuzz.Program.Main(String[] args) in /home/dan/1/Program.cs:line 19

It is not fixed.

@danmoseley
Member

XmlTextReader.Read() is only documented to throw XmlException. Moving to Xml path.

@danmoseley added the area-System.Xml and untriaged labels and removed the area-Serialization label Oct 9, 2021
@ghost

ghost commented Oct 9, 2021

Tagging subscribers to this area: @dotnet/area-system-xml
See info in area-owners.md if you want to be subscribed.

Issue Details

Author: Metalnem
Assignees: -
Labels: bug, area-System.Xml, untriaged

Milestone: Future

@danmoseley changed the title from "DataContractSerializer.ReadObject throws ArgumentNullException" to "XmlTextReader.Read throws ArgumentNullException" Oct 9, 2021
@jeffschwMSFT removed the untriaged label Oct 11, 2021
@krwq
Member

krwq commented Oct 12, 2021

@Metalnem do you feel like sending a PR with a tiny test? I can help with that if needed.

@StephenMolloy
Member

@imcarolwang - If this still repros, System.Xml.XmlUTF8TextReader.VerifyNCName should be null-checking before going forward and throwing an XmlException instead.

@imcarolwang
Contributor

imcarolwang commented Jul 7, 2023

@StephenMolloy, I haven't been able to reproduce this issue. In my repro environment, the stack trace seems to be missing some details compared with the one reported in the issue; the exception is System.Runtime.Serialization.SerializationException, not ArgumentNullException, like I pasted before, even on net6.0. Am I missing something in reproducing the bug? I tried to run the code on both Windows and Ubuntu, and I am not sure whether it behaves differently than on Mac OS ...
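
A namespace-independent version of the repro, as an added example that is not code from this thread or from the dotnet project: the SerializationException quoted above expects namespace `.../NetCoreApp1` while the payload declares `.../CoreFX.Fuzz`, because the default contract namespace is derived from the CLR namespace, so this version pins `Name` and `Namespace` on the contract. `AnyProjectNamespace` and the `ReadUntrusted` wrapper are hypothetical names; the wrapper shows how a caller parsing untrusted XML can treat the undocumented ArgumentNullException like any other parse failure.

```csharp
using System;
using System.IO;
using System.Runtime.Serialization;
using System.Text;
using System.Xml;

namespace AnyProjectNamespace // deliberately not CoreFX.Fuzz
{
  // Pin the contract name and namespace so the payload's root element matches
  // no matter which CLR namespace this file is compiled into.
  [DataContract(Name = "Program.Obj",
                Namespace = "http://schemas.datacontract.org/2004/07/CoreFX.Fuzz")]
  public class Obj { }

  public static class Program
  {
    // Payload from the issue: a valid root start tag, then "<s:" (prefix, empty local name).
    private const string Payload =
      @"<Program.Obj xmlns=""http://schemas.datacontract.org/2004/07/CoreFX.Fuzz""><s:";

    // Hypothetical helper: read untrusted bytes and surface every parse failure
    // as a single exception type, including the undocumented ArgumentNullException.
    public static object ReadUntrusted(DataContractSerializer serializer, byte[] bytes)
    {
      try
      {
        using (var stream = new MemoryStream(bytes))
          return serializer.ReadObject(stream);
      }
      catch (Exception e) when (e is SerializationException || e is XmlException
                                || e is ArgumentException) // base of ArgumentNullException
      {
        throw new InvalidDataException("Malformed XML payload.", e);
      }
    }

    public static void Main()
    {
      var serializer = new DataContractSerializer(typeof(Obj));
      var bytes = Encoding.UTF8.GetBytes(Payload);

      // Print which exception type this runtime lets escape ReadObject.
      try { serializer.ReadObject(new MemoryStream(bytes)); }
      catch (Exception e) { Console.WriteLine("raw:     " + e.GetType().FullName); }

      try { ReadUntrusted(serializer, bytes); }
      catch (InvalidDataException e) { Console.WriteLine("wrapped: " + e.InnerException.GetType().FullName); }
    }
  }
}
```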
