From 326b25a658e87a122708d5ce1f4d997c1c1730f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20Strehovsk=C3=BD?= Date: Wed, 6 Mar 2019 19:23:44 +0100 Subject: Improve resiliency of LoadIBCMethodHelper (#23057) The encoded slot could be bogus and we would end up asserting for this. --- src/vm/ceeload.cpp | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'src/vm/ceeload.cpp') diff --git a/src/vm/ceeload.cpp b/src/vm/ceeload.cpp index 6d1643b46e..cd46cffaaa 100644 --- a/src/vm/ceeload.cpp +++ b/src/vm/ceeload.cpp @@ -7442,6 +7442,11 @@ MethodDesc* Module::LoadIBCMethodHelper(DataImage *image, CORBBTPROF_BLOB_PARAM_ DWORD slot; IfFailThrow(p.GetData(&slot)); + if (slot >= pOwnerMT->GetNumVtableSlots()) + { + COMPlusThrow(kTypeLoadException, IDS_IBC_MISSING_EXTERNAL_METHOD); + } + pMethod = pOwnerMT->GetMethodDescForSlot(slot); } else // otherwise we use the normal metadata MethodDef token encoding and we handle ibc tokens. -- cgit v1.2.3