Bug 315650 (MONO62263) - [PATCH] invalid pointer array access
Summary: [PATCH] invalid pointer array access
Status: RESOLVED FIXED
Alias: MONO62263
Product: Mono: Compilers
Classification: Mono
Component: C# (show other bugs)
Version: unspecified
Hardware: Other SLES 8
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Ben Maurer
QA Contact: Mono Bugs
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-08-02 11:34 UTC by Roland Schatz
Modified: 2007-09-15 21:24 UTC (History)
0 users

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
sample program demonstrating the bug (2.18 KB, application/octet-stream)
2004-08-02 11:35 UTC, Thomas Wiest 		Details
Patch (1.09 KB, patch)
2004-08-03 04:50 UTC, Thomas Wiest 		Details | Diff
sample program demonstrating the bug, should produce a compiler error (486 bytes, text/plain)
2004-08-10 11:49 UTC, Thomas Wiest 		Details
patch for second issue (2.42 KB, patch)
2004-08-29 22:07 UTC, Thomas Wiest 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Wiest 2007-09-15 18:48:40 UTC 


---- Reported by overmind@gmx.net 2004-08-02 04:34:31 MST ----

Description of Problem:
When I access a C-style array of structs using a pointer in an unsafe
context, the pointer gets incremented by exactly 4 byte, not by the size of
the array.

Steps to reproduce the problem:
1. compile my sample code from the attachment
2. compare the output of the windows compiled executable with the output of
the mono compiled executable

Actual Results:
3
ptr[1].a = 3 overwrites the value at ptr[0].b

Expected Results:
2
ptr[0].b is initially assigned 2, and this should not be changed by the
following code

How often does this happen? 
always

Additional Information:
I attached a tarball containing the source code to reproduce the bug
(bug.cs) and two assemblies, one compiled with mcs, one with csc on
windows. The windows assembly runs correctly on both platforms, the mono
assembly fails on both platforms.



---- Additional Comments From overmind@gmx.net 2004-08-02 04:35:24 MST ----

Created an attachment (id=166559)
sample program demonstrating the bug




---- Additional Comments From bmaurer@users.sf.net 2004-08-02 21:50:26 MST ----

Created an attachment (id=166560)
Patch




---- Additional Comments From bmaurer@users.sf.net 2004-08-02 21:51:14 MST ----

The problem is that we take the size of Type*, not the size of Type.
So the size always seems to be 4.



---- Additional Comments From miguel@ximian.com 2004-08-03 12:47:06 MST ----

Ben, can you please apply this patch, and add the relevant
test cases?




---- Additional Comments From bmaurer@users.sf.net 2004-08-03 13:00:18 MST ----

Fixed in HEAD and 1.0.



---- Additional Comments From overmind@gmx.net 2004-08-10 04:46:57 MST ----

The original bug is fixed, but the fix introduces a new bug:

When making pointer arithmetic with a void* pointer, the pointer
simply gets incremented by 0 bytes (sizeof void), but there should be
a compiler error.

The MS compiler gives the error message: "error CS0242: The operation
in question is undefined on void pointers"



---- Additional Comments From overmind@gmx.net 2004-08-10 04:49:06 MST ----

Created an attachment (id=166561)
sample program demonstrating the bug, should produce a compiler error




---- Additional Comments From bmaurer@users.sf.net 2004-08-29 15:07:32 MST ----

Created an attachment (id=166562)
patch for second issue




---- Additional Comments From bmaurer@users.sf.net 2004-08-29 15:09:03 MST ----

Ok, this patch fixes that. Basically, I had to add a few Resolve calls
(PointerArithmatic.Resolve was a nop before), and a few other cosmetic
changes



---- Additional Comments From bmaurer@users.sf.net 2004-08-29 15:34:05 MST ----

Fixed in 1.0 and HEAD

Imported an attachment (id=166559)
Imported an attachment (id=166560)
Imported an attachment (id=166561)
Imported an attachment (id=166562)