possible null ref in SignatureHelper #110832
Labels: area-VM-reflection-mono (Reflection issues specific to MonoVM), runtime-mono (specific to the Mono runtime), untriaged (New issue has not been triaged by the area owner)
I analyzed the .NET runtime sources with the Svace static analyzer and it found an error of the DEREF_AFTER_NULL category (situations where a pointer is first compared to NULL (which indicates that it could have a NULL value) and then dereferenced unconditionally) here:
runtime/src/mono/System.Private.CoreLib/src/System/Reflection/Emit/SignatureHelper.cs
Line 307 in 54527ea
Analyzer says "Value tone, which can have null value due to comparison with null, is dereferenced in member access expression tone!.Length"
Searching the code history, I found commit 5cd7e97, where the nullable-forgiving operator was added. But I think in this situation it may be a real error: it seems that in the lines below
runtime/src/mono/System.Private.CoreLib/src/System/Reflection/Emit/SignatureHelper.cs
Lines 299 to 305 in 54527ea
in the situation `tone==null && ttwo!=null` the construction `return false` must be added, because this code construction is similar to
runtime/src/mono/System.Private.CoreLib/src/System/Reflection/Emit/SignatureHelper.cs
Lines 315 to 322 in 54527ea
Firstly, in function CompareOK this case tells that the comparison has failed. Secondly, a potentially null `tone` can be dereferenced when `ttwo` is not null. Isn't it?
Found by Linux Verification Center (linuxtesting.org) with SVACE.
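The control flow the report describes, reduced to a single pair of arrays, next to a version that returns false for the mixed null/non-null case. This is an added illustration, not the runtime's SignatureHelper code; `RowEqualsFlawed`, `RowEqualsFixed` and the sample input are hypothetical.

```csharp
#nullable enable
using System;
// Constructed illustration; RowEqualsFlawed/RowEqualsFixed are hypothetical
// names and this is not the runtime's SignatureHelper source.
static class DerefAfterNullDemo
{
    // Shape described in the report: the null check on `tone` handles only
    // the both-null case, then control falls through to `tone!.Length`.
    static bool RowEqualsFlawed(Type[]? tone, Type[]? ttwo)
    {
        if (tone == null)
        {
            if (ttwo == null)
                return true;
            // tone == null && ttwo != null falls through here
        }
        else if (ttwo == null)
            return false;
        // `!` only silences the compiler's null warning; it adds no check.
        if (tone!.Length != ttwo!.Length)
            return false;
        for (int j = 0; j < tone.Length; j++)
            if (tone[j] != ttwo[j])
                return false;
        return true;
    }

    // Every mixed null/non-null pair is rejected before any dereference,
    // so flow analysis proves both non-null and no `!` is needed.
    static bool RowEqualsFixed(Type[]? tone, Type[]? ttwo)
    {
        if (tone == null || ttwo == null)
            return tone == null && ttwo == null;
        if (tone.Length != ttwo.Length)
            return false;
        for (int j = 0; j < tone.Length; j++)
            if (tone[j] != ttwo[j])
                return false;
        return true;
    }

    static void Main()
    {
        Type[] row = { typeof(int) };   // constructed sample input
        Console.WriteLine(RowEqualsFixed(null, row));
        try { RowEqualsFlawed(null, row); }
        catch (NullReferenceException) { Console.WriteLine("flawed version threw NullReferenceException"); }
    }
}
```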