authorJan Kotas <jkotas@microsoft.com>2019-01-02 03:12:27 -1000
committerGitHub <noreply@github.com>2019-01-02 03:12:27 -1000
commita5b1c68d4bb8a14042e93acb8f1032db4703b943 (patch)
tree3fa2dbae724b7e00b14eece0e18a0002ea3cf7cb /src/vm/ilmarshalers.cpp
parentccaba224b69cc3c334e73226e592dde5864afc14 (diff)
Simplify and improve integer overflow checks in Interop (#21732)
- Delete unnecessary CheckStringLength calls for the result of string.Length. Managed strings are guaranteed to be under 2 GB in size, so these checks were unnecessary.
- Add `checked(...)` around buffer size computations that could hit an integer overflow. It does not look like any of these would cause a bug that would lead to a buffer overrun, but it is better to catch these early.
Diffstat (limited to 'src/vm/ilmarshalers.cpp')
-rw-r--r--src/vm/ilmarshalers.cpp11
1 files changed, 5 insertions, 6 deletions
diff --git a/src/vm/ilmarshalers.cpp b/src/vm/ilmarshalers.cpp
index ba341f1560..8b6b15e398 100644
--- a/src/vm/ilmarshalers.cpp
+++ b/src/vm/ilmarshalers.cpp
@@ -316,12 +316,11 @@ void ILWSTRMarshaler::EmitCheckManagedStringLength(ILCodeStream* pslILEmit)
{
STANDARD_VM_CONTRACT;
+ // Note: The maximum size of managed string is under 2GB bytes. This cannot overflow.
pslILEmit->EmitCALL(METHOD__STRING__GET_LENGTH, 1, 1);
pslILEmit->EmitLDC(1);
pslILEmit->EmitADD();
pslILEmit->EmitDUP();
- pslILEmit->EmitCALL(METHOD__STUBHELPERS__CHECK_STRING_LENGTH, 1, 0);
- pslILEmit->EmitDUP();
pslILEmit->EmitADD(); // (length+1) * sizeof(WCHAR)
}
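Review bot: With the `METHOD__STUBHELPERS__CHECK_STRING_LENGTH` call removed, `EmitCheckManagedStringLength` no longer emits any check, so its name now promises validation that the generated IL does not perform. The new comment also sits above the `GET_LENGTH` call, while the operation it justifies is the unchecked `EmitADD()` pair at the end of the body. I would move the rationale to a header comment such as `// Emits IL that computes (length + 1) * sizeof(WCHAR); no range check is emitted because managed string sizes are bounded by the runtime.` and consider renaming the method in a follow-up. The doubling via `EmitDUP()`/`EmitADD()` presumably relies on `sizeof(WCHAR) == 2`, which is worth stating next to the trailing comment.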
@@ -895,12 +894,12 @@ void ILCSTRBufferMarshaler::EmitConvertSpaceCLRToNative(ILCodeStream* pslILEmit)
// stack: capacity
pslILEmit->EmitLDSFLD(pslILEmit->GetToken(MscorlibBinder::GetField(FIELD__MARSHAL__SYSTEM_MAX_DBCS_CHAR_SIZE)));
- pslILEmit->EmitMUL();
+ pslILEmit->EmitMUL_OVF();
// stack: capacity_in_bytes
pslILEmit->EmitLDC(1);
- pslILEmit->EmitADD();
+ pslILEmit->EmitADD_OVF();
// stack: offset_of_secret_null
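Review bot: The `EmitMUL_OVF()` and `EmitADD_OVF()` calls change how this stub fails, but the `// stack:` comments do not say what happens when the size computation overflows. Presumably these helpers emit the signed `mul.ovf`/`add.ovf` opcodes, so the stub throws instead of wrapping to a small buffer size; confirm this against the helper definitions, which are not part of this file's diff. A one-line comment would record the intent, for example `// Checked arithmetic: an overflowing size throws here rather than wrapping to an undersized allocation.` If the checks are the signed forms, a negative capacity is not rejected by them, so the non-negative guarantee has to come from code earlier in the function, outside this hunk. The same applies to `EmitADD_OVF()` after `EmitLDC(3)` and to `EmitMUL_OVF()` in `ILCSTRMarshaler::EmitConvertContentsCLRToNative`.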
@@ -909,7 +908,7 @@ void ILCSTRBufferMarshaler::EmitConvertSpaceCLRToNative(ILCodeStream* pslILEmit)
pslILEmit->EmitSTLOC(dwTmpOffsetOfSecretNull); // make sure the stack is empty for localloc
pslILEmit->EmitLDC(3);
- pslILEmit->EmitADD();
+ pslILEmit->EmitADD_OVF();
// stack: alloc_size_in_bytes
ILCodeLabel *pAllocRejoin = pslILEmit->NewCodeLabel();
@@ -2194,7 +2193,7 @@ void ILCSTRMarshaler::EmitConvertContentsCLRToNative(ILCodeStream* pslILEmit)
// (String.Length + 2) * GetMaxDBCSCharByteSize()
pslILEmit->EmitLDSFLD(pslILEmit->GetToken(MscorlibBinder::GetField(FIELD__MARSHAL__SYSTEM_MAX_DBCS_CHAR_SIZE)));
- pslILEmit->EmitMUL();
+ pslILEmit->EmitMUL_OVF();
// BufSize = (String.Length + 2) * GetMaxDBCSCharByteSize()
pslILEmit->EmitSTLOC(dwBufSize);