[mono-threads-posix] Fix a buffer overflow (rather an information leak / over-read) #5285

Merged
merged 3 commits into from Aug 7, 2017

6 participants
@cherusker
Contributor

cherusker commented Jul 30, 2017

While testing Clang's AddressSanitizer, I found and fixed a buffer overflow.

Up for discussion: it might be worth importing strlcpy (http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/string/strlcpy.c?rev=1.11) for similar purposes as it provides additional safety and also helps with the readability?

@cherusker cherusker requested review from kumpera and luhenry as code owners Jul 30, 2017

@dnfclas

dnfclas commented Jul 30, 2017

@cherusker,
Thanks for having already signed the Contribution License Agreement. Your agreement was validated by .NET Foundation. We will now review your pull request.
Thanks,
.NET Foundation Pull Request Bot

@@ -204,30 +204,33 @@ mono_native_thread_set_name (MonoNativeThreadId tid, const char *name)
if (!name) {
pthread_setname_np ("");
} else {
char n [63];
size_t len = 63;
char n [len];
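
Review bot: `char n [len];` with `size_t len = 63;` turns the fixed 63-byte buffer into a variable-length array, because `len` is not a constant expression in C. Keeping `char n [63];` and using `sizeof (n)` at the copy site, or naming the size with a `#define`, gives one bound without a VLA. The 63 is also unexplained in these lines; a short comment saying where the limit comes from would help. The copy into `n` is outside the visible lines, so the read bound and the NUL termination cannot be checked from this hunk.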

@alexrp

alexrp Jul 30, 2017

Member

VLAs are not supported by MSVC. Just use alloca.

@cherusker

cherusker Jul 30, 2017

Contributor

Sure, I'll change it to alloca!
Generally, however: isn't mono-threads-windows.c used when MSVC is involved? Also the CI Windows machines don't really complain about it?

@lewurm

Member

lewurm commented Jul 30, 2017

isn't that an information leak instead of a buffer overflow?

regardless, good find :)

@cherusker

Contributor

cherusker commented Jul 30, 2017

Good point! ASan refers to it as "overflow" and I didn't really question it - Wikipedia calls it "over-read" ... :D But yes - food! That was an easy one though, the rest needs more thorough inspection ;)

@cherusker cherusker changed the title from [mono-threads-posix] Fix a buffer overflow to [mono-threads-posix] Fix a buffer overflow (rather an information leak / over-read) Jul 30, 2017

@luhenry

Member

luhenry commented Aug 1, 2017

How is that an overflow?

@lewurm

Member

lewurm commented Aug 1, 2017

strncpy reads from src either the specified length or until it hits \0. memcpy doesn't look at the content of src, so it always copies the len bytes.

@lewurm

lewurm approved these changes Aug 1, 2017
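
The memcpy/strncpy difference explained in the comment above, as an added example (not code from this PR or from Mono). The page does not show the copy itself, so both copy patterns are assumed from the discussion; `region`, the function names and the sample strings are constructed, and the short name sits inside a larger array so the fixed-length read stays in bounds and its result can be inspected.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF 63 /* size of the stack buffer `n` in the hunk */

/* Constructed sample: a 6-character name, its terminator, then unrelated
 * bytes, all inside one 64-byte array. Because the array is larger than
 * NAME_BUF - 1, the fixed-length read below stays in bounds here; in the
 * real bug the bytes after the terminator belong to some other object. */
static const char region[64] = "worker\0" "NEIGHBOUR-DATA";

/* Assumed pre-fix pattern: copy a fixed number of bytes. memcpy never looks
 * at the content of src, so it reads NAME_BUF - 1 bytes even when the name
 * ends after 6. */
static void set_name_memcpy(char out[NAME_BUF], const char *name)
{
    memcpy(out, name, NAME_BUF - 1);
    out[NAME_BUF - 1] = '\0';
}

/* Assumed post-fix pattern: strncpy stops reading src at the first '\0'
 * and fills the rest of out with zeros. It does not terminate on
 * truncation, so the last byte is set explicitly. */
static void set_name_strncpy(char out[NAME_BUF], const char *name)
{
    strncpy(out, name, NAME_BUF - 1);
    out[NAME_BUF - 1] = '\0';
}

/* Count non-zero bytes stored after the first terminator in out: these can
 * only have come from memory beyond the end of the source string. */
static size_t bytes_past_terminator(const char out[NAME_BUF])
{
    const char *nul = memchr(out, '\0', NAME_BUF);
    size_t leaked = 0;

    for (const char *p = nul; p < out + NAME_BUF; p++)
        if (*p != '\0')
            leaked++;
    return leaked;
}

/* Short name, fixed-length copy: neighbouring bytes end up in the buffer. */
size_t demo_leak_memcpy(void)
{
    char n[NAME_BUF];

    set_name_memcpy(n, region);
    return bytes_past_terminator(n);
}

/* Same input, bounded string copy: nothing past the terminator is read. */
size_t demo_leak_strncpy(void)
{
    char n[NAME_BUF];

    set_name_strncpy(n, region);
    return bytes_past_terminator(n);
}

/* A name longer than the buffer is truncated and still NUL-terminated. */
size_t demo_truncated_len(void)
{
    char long_name[101];
    char n[NAME_BUF];

    memset(long_name, 'a', 100);
    long_name[100] = '\0';
    set_name_strncpy(n, long_name);
    return strlen(n);
}

int main(void)
{
    printf("memcpy : %zu bytes from past the terminator\n", demo_leak_memcpy());
    printf("strncpy: %zu bytes from past the terminator\n", demo_leak_strncpy());
    printf("100-char name truncated to %zu chars\n", demo_truncated_len());
    return 0;
}
```

When the name is a separately allocated short string, the same fixed-length read crosses the end of that allocation, which is the access AddressSanitizer reports.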

@luhenry

Thanks @lewurm, it makes sense

@cherusker could you revert the alloca and the size_t len, we can keep the previous code as the sizeof(char) is always 1, so we can keep sizeof in place of len.

@cherusker

Contributor

cherusker commented Aug 1, 2017

@luhenry sure, I will add a fix-revert commit tomorrow morning! :)
... the idea behind len was to improve the readability and to avoid the consecutive use of sizeof. However, as I totally agree, this did not work out particularly well.

cherusker added some commits Jul 30, 2017

Fix a buffer overflow in mono_native_thread_set_name ()
- `char *name` can be a string of any length
- `memcpy` copies exactly `n` bytes which leads to reading unauthorised memory

@cherusker cherusker force-pushed the cherusker:cherusker-2017-07-30-play-with-asan branch from 3d5f84d to 2de3b32 Aug 2, 2017

@cherusker cherusker force-pushed the cherusker:cherusker-2017-07-30-play-with-asan branch from 2de3b32 to 6d73614 Aug 2, 2017

@lewurm

Member

lewurm commented Aug 2, 2017

@monojenkins squash

@monojenkins

Contributor

monojenkins commented Aug 7, 2017

cannot squash:

  • "Linux i386" state is "success"
  • "Linux x64" state is "success"
  • "OS X i386" state is "success"
  • "OS X x64" state is "failure"
  • "Windows i386" state is "success"
  • "Windows x64" state is "failure"

@monojenkins monojenkins merged commit 757741b into mono:master Aug 7, 2017

12 checks passed

  • API Diff No public API changes found.
  • Linux AArch64 Build finished. 46620 tests run, 1408 skipped, 0 failed.
  • Linux ARMv5 soft float Build finished. 46590 tests run, 1403 skipped, 0 failed.
  • Linux ARMv7 hard float Build finished. 46590 tests run, 1403 skipped, 0 failed.
  • Linux i386 Build finished. 46623 tests run, 1400 skipped, 0 failed.
  • Linux x64 Build finished. 46623 tests run, 1402 skipped, 0 failed.
  • Linux x64 FullAOT Build finished. 20903 tests run, 528 skipped, 0 failed.
  • OS X i386 Build finished. 45380 tests run, 1283 skipped, 0 failed.
  • OS X x64 Build finished. 45702 tests run, 1285 skipped, 0 failed.
  • Test Result Viewer Click to view aggregated test results (Xamarin internal).
  • Windows i386 Build finished. 40405 tests run, 1111 skipped, 0 failed.
  • Windows x64 Build finished. 40427 tests run, 1113 skipped, 0 failed.

@cherusker cherusker deleted the cherusker:cherusker-2017-07-30-play-with-asan branch Aug 10, 2017

baulig added a commit to baulig/mono that referenced this pull request Aug 11, 2017

Sync with master commit 9d84dcb.
Squashed commit of the following:

commit 3e467ad5b909d9fc11ffa371cb54697704407549
Author: Alexander Köplinger <alex.koeplinger@outlook.com>
Date:   Wed Aug 9 20:04:55 2017 +0200

    Revert "[runtime] Avoid building a separate static library, use the shared object files for the static library as well. (mono#5233)"

    This reverts commit 56a1881.

    It caused a consistent test error on ARM64:
    https://jenkins.mono-project.com/job/test-mono-mainline-linux/label=debian-8-arm64/2810/testReport/regression-tests/dummy/MonoTests_regressions_100percentsuccess/

commit fe61700b171d34aaf8158236e390a81485e3fdc7
Author: Bernhard Urban <bernhard.urban@xamarin.com>
Date:   Wed Aug 9 19:57:44 2017 +0200

    Update CODEOWNERS

commit 3d4eace8e0132e1dece53ebf5542e5519c2c1e42
Author: Bernhard Urban <bernhard.urban@xamarin.com>
Date:   Wed Aug 9 19:49:43 2017 +0200

    [interp] builtin types (mono#5339)

    * [interp] support System.{nint,nuint,nfloat} (64bit only so far)

    * [interp] 32bit support for System.{nint,nuint,nfloat}

    * [fixup] explain mint_niy

commit 092f0d62d363c0288d34fc69e616b6d0e9639f56
Author: Martin Baulig <mabaul@microsoft.com>
Date:   Wed Aug 9 12:27:28 2017 -0400

    [System]: Fix memory leak in AppleTls. (mono#5305)

    * [System]: Fix memory leak in AppleTls.

    * Apply Miguel's patch to use GCHandleType.Weak.

    * Actually assign context.

commit 5153772cecdbd5c02f1a7d4f5b9612135590f422
Author: Alexander Köplinger <alex.koeplinger@outlook.com>
Date:   Wed Aug 9 03:03:50 2017 +0200

    Default powerpc to mcs instead of roslyn (mono#5326)

    It is crashing still way more than it works and now that the mcs
    configuration works again we should default to that to make our CI
    more pleasant.

commit 46be9b11382c0c24a548f07227d21ede3ca8fd7f
Author: Zoltan Varga <vargaz@gmail.com>
Date:   Tue Aug 8 19:56:21 2017 -0400

    [runtime] Remove ves_icall_object_new_fast (), it's only a bit faster than object_new_specific (), fast allocation is done by the managed allocators. Also remove mono_class_get_allocation_ftn () which is not needed anymore. (mono#5304)

commit 47c286aef72eaf46465467a5e8499f1c1d4b75af
Author: Zoltan Varga <vargaz@gmail.com>
Date:   Tue Aug 8 19:54:51 2017 -0400

    [btls] Compile btls using ninja if available. (mono#5333)

commit 4e9f0cb02de1c9f6849d326d1804db26789942af
Author: Aleksey Kliger <aleksey@xamarin.com>
Date:   Tue Aug 8 14:45:37 2017 -0400

    [eglib] (goutput.c) Revert Android logging host-target change

    Revert part of 590473d - the Android-specific
    logging in eglib/goutput.c should be used when the host is Android, not the
    target.

commit cfc841e409dee686b2e64517fb67ccd09fc45f8a
Author: Eberhard Beilharz <eb1@sil.org>
Date:   Wed Feb 15 11:15:05 2017 +0100

    Fix allocation of memory to match the way it gets freed

    Since we use g_free() to free the memory we should use g_malloc()
    to allocate it.

commit df5a4bae96fd9da29dcdcad7e643a188c81d49aa
Author: Damien Daspit <damien_daspit@sil.org>
Date:   Thu Nov 17 10:47:47 2016 +0700

    [runtime] Fix bug when marshaling COM interfaces in arrays

    * use the correct COM interface when creating native array
    * do not free CCWs when freeing the native array

    This fixes Xamarin-47560.

commit 70ae46b83fdc9cd5dc987f3ecff7d81b933486c2
Author: Eberhard Beilharz <eb1@sil.org>
Date:   Fri Feb 10 17:24:49 2017 +0100

    [runtime] Unit test for Xamarin-47560

commit 7977a8719b1e7d66ea55156e788c13f5bfaa7342
Author: Uri Simchoni <urisimchoni@users.noreply.github.com>
Date:   Tue Aug 8 23:38:25 2017 +0300

    Fix xdebug (mono#5309)

    * [mini] fix xdebug null pointer dereferencing

    Some trampolines are nameless, avoid crashing when generating their
    debug info.

    This change is released under the MIT license.

    * [mini]: image-writer - move definition of USE_BIN_WRITER to header file

    USE_BIN_WRITER is being used by xdebug for conditional compilation.

    This change is released under the MIT license.

    * [mini]: xdebug - obtain definition of USE_BIN_WRITER from header file

    This re-enables xdebug on supported platforms.

    This change is released under the MIT license.

commit 1ae8d32403821af28726b985abd2dea4147e63a0
Author: Zoltan Varga <vargaz@gmail.com>
Date:   Tue Aug 8 16:35:54 2017 -0400

    [runtime] Fix a case where klass->blittable was written without holding the loader locked. (mono#5331)

commit 4b09e09b234e3a8ad02c918b69022850d806597e
Author: Zoltan Varga <vargaz@gmail.com>
Date:   Tue Aug 8 16:35:06 2017 -0400

    [btls] Enable ccache support for cmake. (mono#5332)

commit fbab63a0dd6d5c69fb882096c3fed1ad17b25de8
Author: Michael DeRoy <michaelde@unity3d.com>
Date:   Tue Aug 8 09:59:51 2017 -0400

    add #if MONO around change to make it easier for merging upstream referencesource changes for the Xamarin folks

commit cd9c8945465e6939d45f08d073a22fa67b9f0c90
Author: Michael DeRoy <michaelde@unity3d.com>
Date:   Mon Aug 7 22:26:11 2017 -0400

    Call array sort function that takes comparison instead rather than allocating for a wrapper struct

commit a3f33083be12537d4d16edd9f72b20806be367ea
Author: Mikhail Filippov <Mikhail.Filippov@jetbrains.com>
Date:   Tue Aug 8 16:58:56 2017 +0300

    Add implementation and tests for SizeValueSerializer

commit d5110d402df745db48132a5c9ec7a587f54b1bd8
Author: Marek Safar <marek.safar@gmail.com>
Date:   Tue Aug 8 16:35:26 2017 +0200

    [mcs] Soften referenced assemblies unification rules. Fixes #58621

commit afbbd410200cd7938616032b18e3a1372a446c9c
Author: nosami <jasonimison@gmail.com>
Date:   Tue Aug 8 12:32:12 2017 +0100

    Bump F# to 4.1.25 and remove already merged patches

commit c912ff08a1508f8a5e92402966e5730cf11cfdb4
Author: Alexander Köplinger <alex.koeplinger@outlook.com>
Date:   Tue Aug 8 11:56:55 2017 +0200

    Bump API snapshot

commit 24880ae13b1fc7ee56dc75f4d66533815cb40bc3
Author: Zoltan Varga <vargaz@gmail.com>
Date:   Mon Aug 7 23:48:52 2017 -0400

    [runtime] Avoid building a separate static library, use the shared object files for the static library as well. (mono#5233)

commit b4cebd6b9bd66e6b1003f5dd1809abc4f3192b86
Author: Zoltan Varga <vargaz@gmail.com>
Date:   Mon Aug 7 17:44:02 2017 -0400

    [jit] Remove unused mono_arch_print_tree () function. (mono#5258)

commit 55aa41a5aa4b925e68660690ca0c3cf34f7e2544
Author: Zoltan Varga <vargaz@gmail.com>
Date:   Mon Aug 7 17:19:30 2017 -0400

    [runtime] Remove empty eglib/ dir.

commit c4611ee3a7236ec6491ce637b253d32ed859574d
Author: Zoltan Varga <vargaz@gmail.com>
Date:   Mon Aug 7 17:14:31 2017 -0400

    [runtime] Move eglib into mono/eglib so it becomes a convenience library similar to utils/ etc. (mono#5297)

commit f40dac4adc075327a8f6688e9b681587fd2133f3
Author: Alex Rønne Petersen <alpeters@microsoft.com>
Date:   Mon Aug 7 22:30:59 2017 +0200

    [profiler] Split method_leave callback into a method_tail_call callback.

    With this, profilers can distinguish between the two, and also know what the
    target method of a tail call is.

    The call instrumentation flags have been renamed accordingly and a new flag has
    been added for instrumenting tail calls. I've also added a flag for exceptional
    leave events, and method_exception_leave is only raised if this flag is given
    for a method.

    Also refactored the relevant JIT code a bit so it's easier to follow.

commit f5964ff34c3214bace57ab4416ab0b0b6374fcbf
Author: Alex Rønne Petersen <alpeters@microsoft.com>
Date:   Mon Aug 7 22:28:15 2017 +0200

    [profiler] Mark generated raise functions as ICALL_DECL_EXPORT.

    This is currently needed for method_enter, method_leave, and gc_allocation.

commit b6f9b95766fc5223cf6310f3045ef6dc09a09bc8
Author: Alex Rønne Petersen <alpeters@microsoft.com>
Date:   Mon Aug 7 22:27:49 2017 +0200

    [runtime] Declare MonoProfilerCallContext::return_value offset.

commit 9643b1266d4a3b309fb6218d8ed19f5db9acc52a
Author: Alex Rønne Petersen <alpeters@microsoft.com>
Date:   Mon Aug 7 22:27:10 2017 +0200

    [runtime] Add ICALL_DECL_EXPORT.

    ICALL_EXPORT is only used on function definitions, not declarations.

commit 5869f87eff3a667bf4139ae0cc5198523d8065e1
Author: Alex Rønne Petersen <alexrp@xamarin.com>
Date:   Sat Aug 5 18:49:56 2017 +0200

    [profiler] Properly clean up the resources used by the profiler API on shutdown.

    Also introduce mono_profiler_set_cleanup_callback ().

commit ad01f1d8f55b156eacda0a350eb1e63461cd9337
Author: Alex Rønne Petersen <alexrp@xamarin.com>
Date:   Sat Aug 5 18:18:54 2017 +0200

    [profiler] Some improvements to the code coverage API.

    Code coverage must now be explicitly enabled. This simplifies initialization
    of some coverage-related structures and also lets us enable debug info which
    is needed to produce good data.

    Also change the signature of mono_profiler_get_coverage_data so it returns a
    value indicating whether coverage data was available.

commit 9dbdb066811859859178afd177fc8e31e088c0f2
Author: Alexander Köplinger <alex.koeplinger@outlook.com>
Date:   Mon Aug 7 22:13:59 2017 +0200

    [msvc] Update csproj files

commit 9f5f5de05f04e30f748941f4bacf7839ad351149
Author: Alexander Köplinger <alex.koeplinger@outlook.com>
Date:   Mon Aug 7 17:54:30 2017 +0200

    [genproj] Simplify strong name key handling

    It doesn't need to be in a separate PropertyGroup.

commit 3b8aaab5c039b8b9adfb1dc0386334b729293ac5
Author: Armin Hasitzka <cherusker@users.noreply.github.com>
Date:   Mon Aug 7 21:10:32 2017 +0200

    [mono-threads-posix] Fix a buffer overflow (rather an information leak / over-read) (mono#5285)

    [mono-threads-posix] Fix a buffer overflow (rather an information leak / over-read)

    While testing Clang's AddressSanitizer, I found and fixed a buffer overflow.

    Up for discussion: it might be worth importing `strlcpy` (http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/string/strlcpy.c?rev=1.11) for similar purposes as it provides additional safety and also helps with the readability?

commit 77c575bd83a1f1df6701203125259df99a139a86
Author: Uri Simchoni <uri@vfunction.com>
Date:   Mon Aug 7 07:39:12 2017 +0300

    [profiler] Avoid instrumenting inlined methods

    An inlined method does not require instrumentation (if it
    did, it would not have been inlined). The flags that
    control instrumentation options are valid for the caller
    method and are not to be consulted.

    This patch replaces an assertion with a check and early
    return. A method that "wants to be instrumented" does not
    get inlined, but a method that "doesn't want to be instrumented"
    can get inlined. However, the flags that control instrumentation
    options have been calculated against the caller method, hence
    they should not be consulted at all. The extra check renders
    the assertion unnecessary.

commit 14746c0ddbc7a9e10603cd932c3619d21fa97923
Author: Uri Simchoni <uri@vfunction.com>
Date:   Sun Aug 6 12:57:39 2017 +0300

    [profile] set the "no profiling" bitmask equal to zero

    This makes constructs such as "if (!mono_profiler_get_call_instrumentation_flags(methos))"
    correct. See mono_method_check_inlining()

commit 63286701d8d1eba44d692118030ee268876deb4e
Author: Alexander Köplinger <alex.koeplinger@outlook.com>
Date:   Mon Aug 7 17:09:34 2017 +0200

    [System.ServiceModel.Web] Simplify AssemblyInfo.cs

    We don't need separate AssemblyInformationalVersion for mobile and
    non-mobile.

commit 11bee9937cf54596a27fbe72021d4aff27d6b837
Author: Alexander Köplinger <alex.koeplinger@outlook.com>
Date:   Mon Aug 7 16:28:47 2017 +0200

    [ci] Add CI_TAGS option for --disable-mcs-build

    Useful if you don't want to build the class libraries e.g. for
    some static analysis of the runtime.

commit 652fa4df3634605ed1efc336c37a91784528c212
Author: Ludovic Henry <ludovic@xamarin.com>
Date:   Mon Aug 7 16:03:24 2017 +0200

    Bump version to 5.7 (mono#5325)

commit 7058000b102c2a8965cbf7005d127d3f2f169a40
Author: Ludovic Henry <ludovic@xamarin.com>
Date:   Mon Aug 7 15:52:12 2017 +0200

    [w32handle] Remove use of w32handle for File, Console, Pipe and Socket (mono#5319)

    * [w32file] Remove io_ops indirection

    * [w32file] Replace use of w32handle by a GHashTable for File, Console and Pipe

    * [Socket] Avoid relying on MonoIO.DuplicateHandle

    * [w32socket] Remove force closing of sockets on shutdown

    * fixup! [Socket] Avoid relying on MonoIO.DuplicateHandle

    * [w32socket] Replace use of w32handle by a GHashTable

    * [w32handle] Remove dead function mono_w32handle_new_fd

    * fixup! [w32file] Replace use of w32handle by a GHashTable for File, Console and Pipe

    * [w32handle] Remove dead variable mono_w32handle_fd_reserve

    * [fdhandle] Factor w32file and w32socket common fdhandle code

    * fixup! [Socket] Avoid relying on MonoIO.DuplicateHandle

    * [w32socket] Fix GC safe/unsafe transitions

    * fixup! [w32handle] Remove dead variable mono_w32handle_fd_reserve

commit dc3455d895f82e5bb5055f0be15c698f19c80b42
Author: Alexander Köplinger <alex.koeplinger@outlook.com>
Date:   Mon Aug 7 14:31:57 2017 +0200

    [eglib] Add back NEWS file, it's required for the tarball

commit 6397450850b487758d4698b9e0396c9cd4a1e008
Author: Ludovic Henry <ludovic@xamarin.com>
Date:   Mon Aug 7 14:30:20 2017 +0200

    Revert "Bump version to 5.7"

    This reverts commit 82eafc0.

commit 43149b7ac6a9f32af6b51f4b7f4ce15455373325
Author: Ludovic Henry <ludovic@xamarin.com>
Date:   Mon Aug 7 14:19:35 2017 +0200

    Bump version to 5.7

commit 4ff901c7df7bd6f17e641374a571096a7aebac2d
Author: Alexander Köplinger <alex.koeplinger@outlook.com>
Date:   Mon Aug 7 14:11:59 2017 +0200

    [System.Drawing] Simplify mobile profile check

commit 38e93584dab7fa221e750010496dbb9cf6e768f5
Author: Zoltan Varga <vargaz@gmail.com>
Date:   Mon Aug 7 08:03:48 2017 -0400

    [bcl] Specify the name of the key file on the command line instead of using the AssemblyKeyFile attribute for consistency and to make it easier to do path name manipulation on the file name. (mono#5316)

commit c5b5dc6b6e63ba6cd6607ff71b51760074af0121
Author: Uri Simchoni <uri@vfunction.com>
Date:   Sun Aug 6 13:20:01 2017 +0300

    [profiler] fixes to profiler sample

    - Fix the Linux build instructions.
    - Remove eglib dependencies, as they complicate the build of an
      external module.
    - Make instance static instead of heap-allocated.
    - Make the call counter 64 bits.
    - Adjustments to accommodate the new profiling API.

commit 8e37f54113f6046a3cc27b9d8047ebf5e52ae6ce
Author: Ludovic Henry <ludovic@xamarin.com>
Date:   Sat Aug 5 12:59:08 2017 -0400

    Revert "[w32handle] Remove use of w32handle for File, Console, Pipe and Socket (mono#5283)" (mono#5318)

    This reverts commit 7873509.

commit 5250be078dbdab6aad4cea317cd768059aabcd02
Author: Ludovic Henry <ludovic@xamarin.com>
Date:   Sat Aug 5 12:51:15 2017 -0400

    [w32handle] Remove use of w32handle for File, Console, Pipe and Socket (mono#5283)

    * [w32file] Remove io_ops indirection

    * [w32file] Replace use of w32handle by a GHashTable for File, Console and Pipe

    * [Socket] Avoid relying on MonoIO.DuplicateHandle

    * [w32socket] Remove force closing of sockets on shutdown

    * fixup! [Socket] Avoid relying on MonoIO.DuplicateHandle

    * [w32socket] Replace use of w32handle by a GHashTable

    * [w32handle] Remove dead function mono_w32handle_new_fd

    * fixup! [w32file] Replace use of w32handle by a GHashTable for File, Console and Pipe

    * [w32handle] Remove dead variable mono_w32handle_fd_reserve

    * [fdhandle] Factor w32file and w32socket common fdhandle code

    * fixup! [Socket] Avoid relying on MonoIO.DuplicateHandle

    * [w32socket] Fix GC safe/unsafe transitions

    * fixup! [w32handle] Remove dead variable mono_w32handle_fd_reserve

commit a366687a35d0ab6056963a688cabebce48ea05f8
Author: Marek Safar <marek.safar@gmail.com>
Date:   Sat Aug 5 00:21:43 2017 +0200

    Bump bootstrap mono dependency

commit 368a4db84ca38e7e43c9fc49048e67345640f321
Author: Marek Safar <marek.safar@gmail.com>
Date:   Sat Aug 5 00:18:59 2017 +0200

    Bump corefx

commit 6ec49ee9886518818a60e59c8d2338c64b29d40c
Author: Alexander Köplinger <alex.koeplinger@outlook.com>
Date:   Sat Aug 5 02:10:21 2017 +0200

    [ci] Disable corlib-xunit on Windows for now

    It seems to fail.

commit ef658d3bfc5e08f65eba4ba6d92fc231546a723f
Author: Marek Safar <marek.safar@gmail.com>
Date:   Fri Aug 4 23:48:16 2017 +0200

    [mcs] Adds handling for declared variables from while loop condition

commit 53347ed8c07b3aab4398c360a44c9abe637eddc3
Author: monojenkins <jo.shields+jenkins@xamarin.com>
Date:   Fri Aug 4 18:15:39 2017 +0000

    Bump API snapshot submodule

commit 29736703e5325274d7d28215d668ac2406bf4697
Author: Marek Safar <marek.safar@gmail.com>
Date:   Fri Aug 4 16:40:16 2017 +0200

    Bump cecil and linker

commit 2798c739df60d86d7b2e022753a72d3682fad4e9
Author: Aleksey Kliger <aleksey@xamarin.com>
Date:   Thu Aug 3 17:53:34 2017 -0400

    [test] (corlib) Enable more xtest SRE tests

    - MethodBuilderDefineParameter
    - ConstructorBuilderDefineParameter
    - FieldBuilderSetCustomAttribute
    - GenericTypeParameterBuilderSetCustomAttribute
    - FieldBuilderSetOffset
    - ModuleBuilderDefineInitializedData
    - ModuleBuilderDefineUninitializedData

commit 970ea12ef9f7d7262b93bc5c80a5256a2a12e03b
Author: Aleksey Kliger <aleksey@xamarin.com>
Date:   Fri Aug 4 15:17:03 2017 -0400

    [sre] ModuleBuilder.DefineUnitializedData argument checks

    1. Fix off by one in size check.
      Largest usable size is 0x3effff, first unusable size is 0x3f0000
      (Also change order of ArgumentException arguments - param name is second.
       Set it to null because of misguided CoreFX SRE test that expects a null name)
    2. Check for empty string field name.

commit 28dca7db708b67cf8ed7112b5854287ba6e54663
Author: Aleksey Kliger <aleksey@xamarin.com>
Date:   Fri Aug 4 13:52:43 2017 -0400

    [sre] negative FieldBuilder.SetOffset should throw ArgumentException

commit a6cc2fa11f2c281deb6c364cb786f54aac0cf569
Author: Aleksey Kliger <aleksey@xamarin.com>
Date:   Fri Aug 4 12:32:09 2017 -0400

    [sre] Add explicit null checks of CustomAttributeBuilder arguments

commit c1fecd3009e6697e172873a44dfc46cb06f74ab7
Author: Aleksey Kliger <aleksey@xamarin.com>
Date:   Thu Aug 3 18:18:59 2017 -0400

    [sre] ConstructorBuilder.DefineParamter(0,...) shouldn't throw

    .NET Framework says:

    > If you specify 0 (zero) for iSequence, this method returns a ParameterBuilder
    >  instead of throwing an exception. There is nothing useful that you can do
    >  with this ParameterBuilder.

    So let's do that.

commit c5ca3a6000ec0e9104af295c4cea8d5e44b38799
Author: Alex Rønne Petersen <alex@alexrp.com>
Date:   Fri Aug 4 21:05:12 2017 +0200

    [runtime] Install profiler-events.h as a public header.

commit d2893f83be6da3a7cb9f68217ddbd5b31995f5e8
Author: Alexander Köplinger <alex.koeplinger@outlook.com>
Date:   Fri Aug 4 20:22:50 2017 +0200

    [bcl] Grab free ports randomly in NetworkHelpers (mono#5312)

    * [bcl] Grab free ports randomly in NetworkHelpers

    We're frequently seeing "address already in use" errors on Jenkins.

    The theory is that when we're running tests and grab the next free
    port via our custom NetworkHelpers we're getting a port which will
    also be returned to a simultaneously running test (e.g. another chroot)
    because we're closing the TcpListener and thus releasing the port until
    we start using it in actual test code. By that time the other test
    might've already opened the port, causing our test to fail.

    Instead we now try to use a random port in the range 10000-60000
    and try if it's available. This doesn't completely fix the inherent
    race but should hopefully make it way less likely.

commit f79622d208f6ce70a9de564468fe1f1332678d6d
Author: Aleksey Kliger <aleksey@xamarin.com>
Date:   Thu Aug 3 17:51:47 2017 -0400

    [sre] Throw ArgumentOutOfRange exn in MethodBuilder.DefineParameter if called
    before SetParameters.

    Fixes xunit testpoint MethodBuilderDefineParameter:DefineParameter_NoParameters_NonZeroPosition_ThrowsArgumentOutOfRangeException

commit bcb1e65f510e2c3a66440953d88cef7adca0695e
Author: Zoltan Varga <vargaz@gmail.com>
Date:   Fri Aug 4 11:39:28 2017 -0400

    [btls] Disable BUILD_SHARED_LIBS while building boringssl, so its symbols are not exported from the btls shared lib. (mono#5307)

commit a815a3a1dcc1ab8ab3e3ff48aeeedcd65d1986b4
Author: Marek Safar <marek.safar@gmail.com>
Date:   Fri Aug 4 15:15:14 2017 +0200

    [mcs] Fixes codegen for type pattern matching in probing expressions over hoisted local variables

commit 4f7e3786028fb2c2dcd48febf7a08cfa2bc9a38a
Author: Marek Safar <marek.safar@gmail.com>
Date:   Fri Aug 4 13:30:06 2017 +0200

    [mcs] Flow analysis on reduced expressions need to run on original expression

commit fb20b6ec98a37d78afa768c7947ff9510f29c309
Author: Marek Safar <marek.safar@gmail.com>
Date:   Fri Aug 4 10:52:23 2017 +0200

    [mcs] Warnings clean up

commit 6fbc374b185e12575af5c78c7f76067ca0820d97
Author: Marek Safar <marek.safar@gmail.com>
Date:   Fri Aug 4 00:24:38 2017 +0200

    [mcs] Pending implementation of accessors cannot hide base implementation with different member type

commit b99d6d994ef33b846c18864a40d2d964e55aa610
Author: Aleksey Kliger <aleksey@xamarin.com>
Date:   Thu Aug 3 17:31:15 2017 -0400

    [ci] (run-test-default) Run the corlib xunit tests

commit b2402b0e937637033b5a467a4ad6c8d6b91e22cc
Author: Aleksey Kliger <aleksey@xamarin.com>
Date:   Tue Aug 1 12:40:23 2017 -0400

    [test] (corlib) Use CoreFX System.Reflection.Emit xunit tests

commit 8657d0d2cee5b99756fb719b3c0eaf1ff816c16e
Author: Aleksey Kliger <aleksey@xamarin.com>
Date:   Thu Aug 3 13:29:48 2017 -0400

    [custom_attrs] Add bounds checking to mono_reflection_create_custom_attr_data_args

    and load_cattr_value_boxed

commit 306366d597d6fe28373e2dfae37a17d574e5f003
Author: Aleksey Kliger <aleksey@xamarin.com>
Date:   Thu Aug 3 12:21:10 2017 -0400

    [custom_attrs] Add bounds checking to load_cattr_value

commit c6de6414dfa781c7fa2efb1d371d1cd79d4bd61f
Author: Aleksey Kliger <aleksey@xamarin.com>
Date:   Wed Aug 2 17:32:23 2017 -0400

    [custom_attrs] Add (some) bounds checking to create_custom_attr

    In principle, mono_verifier_verify_cattr_content should prevent malformed custom
    attribute blobs from being passed in here.

    In practice:

    1. The verifier is not on by default

    2. System.Reflection.Emit allows an arbitrary byte[] to be passed in which
       means that code like this can cause mono to read past the end of the array.

       ```
       // "1 1-byte constructor argument and then 65280 named properties follow"
       assembly.SetCustomAttribute(constructor, new byte[] { 1, 0, 1, 0x00, 0xFF });
       var attributes = assembly.GetCustomAttributes(true);
       ```

commit 121e49d663242d806d4451b984557b64b225c2e6
Author: Marek Safar <marek.safar@gmail.com>
Date:   Thu Aug 3 17:09:32 2017 +0200

    Updates codeowners

commit e14304fc68164646bffab3fefed88f0d9b6d16b5
Author: Ankit Jain <ankit.jain@xamarin.com>
Date:   Wed Aug 2 12:14:36 2017 -0400

    [msbuild] Add option to nuget-hash-extractor to generate a list of the

    .. denied assemblies usable by a msbuild task for filtering them.

commit 64f09b87e60e8c3a462f08df26c31f9a2aaa8724
Author: Zoltan Varga <vargaz@gmail.com>
Date:   Wed Aug 2 20:37:54 2017 -0400

    Bump ikdasm.

commit 69d3047246d14b06e60dfa4bbdd62cfdc543e26c
Author: Vlad Brezae <brezaevlad@gmail.com>
Date:   Thu Aug 3 02:22:52 2017 +0300

    [tests] Disable test on llvm

    On llvm aborts can happen during finally blocks. This test was not failing before because the method in question had llvm disabled, which has recently changed.

commit a928236e3d08b76c942da63523e0fe8216b06606
Author: Alex Rønne Petersen <alexrp@xamarin.com>
Date:   Wed Aug 2 23:10:57 2017 +0200

    [profiler] Fix MonoProfilerState::context_free_buffer type.

commit 1e8260d02136a10fa58b78e2222f2e6bf61d6106
Author: Atsushi Eno <atsushieno@gmail.com>
Date:   Tue Aug 1 15:33:55 2017 +0900

    [mono-api-html] Fix bogus IgnoreParameterNameChanges behavior.

    It never ignored parameter name changes. Make the entire code just simple.

commit 297b0a76d3203c6d23128d6840d7d6f497d82548
Author: cherusker <prince.cherusker@gmail.com>
Date:   Tue Aug 1 12:59:34 2017 +0200

    Fix racy `next_generic_inst_id`
    - as discussed in https://bugzilla.xamarin.com/show_bug.cgi?id=58423
    - in addition, unify `int` and `guint` into `gint32` which can be used flawlessly with `InterlockedIncrement ()`

commit 35a9d7d7c2c36f1dc4b5e5a70f762371f439f242
Author: Zoltan Varga <vargaz@gmail.com>
Date:   Wed Aug 2 02:58:41 2017 -0400

    [bcl] Fix Delegate.GetHashCode () so it takes into account the target too. Fixes #58399. (mono#5296)

commit c0fc6d6e2d4569ac1b5e5f42f2a144c592f31c2c
Author: Zoltan Varga <vargaz@gmail.com>
Date:   Wed Aug 2 02:08:17 2017 -0400

    [runtime] Fix msvc build.

commit b23c85829a99827268d6eadfcb7ed01abc86d556
Author: Vlad Brezae <brezaevlad@gmail.com>
Date:   Wed Aug 2 02:37:35 2017 +0300

    Update CODEOWNERS

commit 2bfdfbc5f083b89fa1512cbe8f2a09ee0efcf339
Author: Martin Baulig <mabaul@microsoft.com>
Date:   Tue Aug 1 17:33:19 2017 -0400

    [offset-tool]: Add MonoProfilerCallContext to MonoAotOffsetsDumper.

commit 2c5ad70ead2aef48bbd78e464d6ded4dcb00f476
Author: Martin Baulig <mabaul@microsoft.com>
Date:   Tue Aug 1 13:54:27 2017 -0400

    Add myself to CODEOWNERS.

alexanderkyte added a commit to alexanderkyte/mono that referenced this pull request Aug 13, 2017

[mono-threads-posix] Fix a buffer overflow (rather an information lea…
…k / over-read) (mono#5285)

[mono-threads-posix] Fix a buffer overflow (rather an information leak / over-read)

While testing Clang's AddressSanitizer, I found and fixed a buffer overflow.

Up for discussion: it might be worth importing `strlcpy` (http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/string/strlcpy.c?rev=1.11) for similar purposes as it provides additional safety and also helps with the readability?