Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[System.Private.Xml] Possible incorrect behavior in character counting ( maxCharsCount >= charsCount ) #111969

Open
dumprop opened this issue Jan 29, 2025 · 1 comment
Open

[System.Private.Xml] Possible incorrect behavior in character counting ( maxCharsCount >= charsCount ) #111969

dumprop opened this issue Jan 29, 2025 · 1 comment
Labels
area-System.Xml untriaged New issue has not been triaged by the area owner

Comments

@dumprop
Copy link

dumprop commented Jan 29, 2025

Description

Hello! I decided to test System.Private.Xml module via fuzzing test.
After some time I found test case which fails Debug.Assert(maxCharsCount >= charsCount)

Image

Reproduction Steps

Download latest .NET v6.0.36 and build it in Debug mode (enable asserts), make reference in test project.
Test's project code:

using SharpFuzz;
using System.Xml;

Fuzzer.Run(stream =>
    {
        try
        {
            using (var xml = XmlReader.Create(stream))
            {
                while (xml.Read()) { }
            }
        }
        catch (XmlException) { }
    }
);

corpus_file_for_xml_crash.txt

In result, value of maxCharsCount is 80 and charsCount is 81 - that produce a crash

Expected behavior

No any crash, as usual

Actual behavior

Debug.Assert(maxCharsCount >= charsCount) is failed because 80 >= 81 is false

Regression?

No response

Known Workarounds

No response

Configuration

.NET v6.0.36 from github, Debug build (enable asserts), Linux Ubuntu x64

Other information

No response
@dotnet-policy-service dotnet-policy-service bot added the untriaged New issue has not been triaged by the area owner label Jan 29, 2025
@dotnet-policy-service Dotnet Policy Service
Copy link
Contributor

Tagging subscribers to this area: @dotnet/area-system-xml
See info in area-owners.md if you want to be subscribed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area-System.Xml untriaged New issue has not been triaged by the area owner
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@dumprop