Skip to content
This repository was archived by the owner on Jan 23, 2023. It is now read-only.

Simplify and improve integer overflow checks in Interop#21732

Merged
jkotas merged 3 commits into
dotnet:masterfrom
jkotas:CheckStringLength
Jan 2, 2019
Merged

Simplify and improve integer overflow checks in Interop#21732
jkotas merged 3 commits into
dotnet:masterfrom
jkotas:CheckStringLength

Conversation

@jkotas
Copy link
Copy Markdown
Member

@jkotas jkotas commented Jan 1, 2019

  • Delete unnecessary CheckStringLength calls for result of string.Length. Managed strings are guaranteed to be under 2GB bytes, so these checks were unnecessary.
  • Add checked(...) around buffer size computations that may hit potential integer overflow. It does not look like any of these would cause a bug that would lead to buffer overrun, but it is better to catch these early.

@jkotas
Simplify and improve integer overflow checks in Interop
1852056 
- Delete unnecessary CheckStringLength calls for result of string.Length. Managed strings are guaranteed to be under 2GB bytes, so these checks were unnecessary.
- Add `checked(...)` around buffer size computations that may hit potential integer overflow. It does not look like any of these would cause a bug that would lead to buffer overrun, but it is better to catch these early.
@jkotas
Copy link
Copy Markdown
Member Author

jkotas commented Jan 1, 2019

cc @benaadams Related to #21729 (review)

benaadams
benaadams reviewed Jan 1, 2019
View reviewed changes
Comment thread src/System.Private.CoreLib/src/System/StubHelpers.cs Outdated
@jkotas
Copy link
Copy Markdown
Member Author

jkotas commented Jan 1, 2019

@dotnet-bot test Ubuntu x64 Checked CoreFX Tests please
@dotnet-bot test Windows_NT x64 Checked CoreFX Tests please

AaronRobinsonMSFT
AaronRobinsonMSFT reviewed Jan 1, 2019
View reviewed changes
Comment thread src/System.Private.CoreLib/src/System/StubHelpers.cs Outdated
AaronRobinsonMSFT
AaronRobinsonMSFT reviewed Jan 1, 2019
View reviewed changes
Comment thread src/System.Private.CoreLib/src/System/StubHelpers.cs Outdated
AaronRobinsonMSFT
AaronRobinsonMSFT reviewed Jan 1, 2019
View reviewed changes
Comment thread src/System.Private.CoreLib/src/System/StubHelpers.cs

// marshal the object as Ansi string (UnmanagedType.LPStr)
int allocSize = (pManagedHome.Capacity * Marshal.SystemMaxDBCSCharSize) + 4;
int allocSize = checked((pManagedHome.Capacity * Marshal.SystemMaxDBCSCharSize) + 4);
Copy link
Copy Markdown
Member

@AaronRobinsonMSFT AaronRobinsonMSFT Jan 1, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Am I to assume the + 4 is because of BSTR semantics? If so can we doc that as well. I don't fully understand why that is true based on the comment above though. What am I missing?

Copy link
Copy Markdown
Member Author

@jkotas jkotas Jan 2, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+ 4 is because of BSTR semantics?

Looking at the code that follows, my guess that this is some kind of compat quirk. There was probably some broken .NET Framework app with buffer overrun, and we have made it "work" by allocating bigger buffer than strictly necessary and filling that buffer with 3 extra null terminators. I am just speculating. I was not able to trace down where this came from in the source control history.

@jkotas jkotas merged commit a5b1c68 into dotnet:master Jan 2, 2019
@jkotas jkotas deleted the CheckStringLength branch January 4, 2019 18:55
picenka21 pushed a commit to picenka21/runtime that referenced this pull request Feb 18, 2022
@jkotas
Simplify and improve integer overflow checks in Interop (dotnet/corec…
b28d87d 
…lr#21732)

- Delete unnecessary CheckStringLength calls for result of string.Length. Managed strings are guaranteed to be under 2GB bytes, so these checks were unnecessary.
- Add `checked(...)` around buffer size computations that may hit potential integer overflow. It does not look like any of these would cause a bug that would lead to buffer overrun, but it is better to catch these early.


Commit migrated from dotnet/coreclr@a5b1c68
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@jkoritzinsky jkoritzinsky Awaiting requested review from jkoritzinsky

2 more reviewers

@benaadams benaadams benaadams approved these changes

@AaronRobinsonMSFT AaronRobinsonMSFT AaronRobinsonMSFT approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

area-Interop

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jkotas @benaadams @AaronRobinsonMSFT