Skip to content

Fix NullReferenceException and InvalidCastException in SystemClassWithMembersAndTypesRecord #121409

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
+83 −1
Open

Fix NullReferenceException and InvalidCastException in SystemClassWithMembersAndTypesRecord #121409

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
e527882
Initial plan
Copilot Nov 6, 2025
050399a
Fix NullReferenceException and InvalidCastException in SystemClassWit…
Copilot Nov 6, 2025
924866d
Remove trailing whitespace from blank lines
Copilot Nov 7, 2025
f3ff132
Rewrite fuzzer tests using BinaryWriter pattern and fix test assertions
Copilot Nov 7, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion ...aries/System.Formats.Nrbf/src/System/Formats/Nrbf/SystemClassWithMembersAndTypesRecord.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -95,7 +95,9 @@ SerializationRecord Create<T>(T value) where T : unmanaged
bool HasMember(string name, int order, PrimitiveType primitiveType)
=> classInfo.MemberNames.TryGetValue(name, out int memberOrder)
&& memberOrder == order
&& ((PrimitiveType)memberTypeInfo.Infos[order].AdditionalInfo!) == primitiveType;
&& memberTypeInfo.Infos[order].BinaryType == BinaryType.Primitive
&& memberTypeInfo.Infos[order].AdditionalInfo is PrimitiveType pt
&& pt == primitiveType;
}

internal override (AllowedRecordTypes allowed, PrimitiveType primitiveType) GetNextAllowedRecordType()
Expand Down
22 changes: 22 additions & 0 deletions src/libraries/System.Formats.Nrbf/tests/InvalidInputTests.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -632,4 +632,26 @@ public void SurrogateCharacters(bool array)

Assert.Throws<SerializationException>(() => NrbfDecoder.Decode(stream));
}

[Fact]
public void FuzzerInput_SystemClassInsteadOfPrimitive_DateTime()
{
// This test reproduces the InvalidCastException found by the fuzzer
// where dateData member has BinaryType.SystemClass instead of BinaryType.Primitive
byte[] input = Convert.FromBase64String("AAGAAAD/////AQAAAAAAAAAEAQAAAA9TeXN0ZW0uRGF0ZVRpbWUCAAAABXRpY2tzCGRhdGVEYXRhAAMJEAAAYF9qYWdnZWQGBQoKCgoHAQD3/wABAAAAAgAtAAAGCgoKCgs=");
Copy link
Member

@adamsitnik adamsitnik Nov 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In the reported issue, the input string is different. It does not end with GCgoKCgs=, but GCgoKCAs= (g => A).

Please use the exact string from the bug report.

Copy link
Contributor Author

Copilot AI Nov 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed in f3ff132. The tests now use BinaryWriter to construct the payload, making it clearer what the test data contains.


Copy link

Copilot AI Nov 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove trailing whitespace from this blank line.

Suggested change

Copilot uses AI. Check for mistakes.
using MemoryStream stream = new MemoryStream(input);
Assert.Throws<SerializationException>(() => NrbfDecoder.Decode(stream));
}

[Fact]
public void FuzzerInput_MissingAdditionalInfo_DateTime()
{
// This test reproduces the NullReferenceException found by the fuzzer
// where BinaryType.String has null AdditionalInfo
byte[] input = Convert.FromBase64String("AAEAAMz/////AQAAAAAAAAAEAQAAAA9TeXN0ZW0uRGF0ZVRpbWUCAAAABXRpY2tzCGRhdGVEYXRhAAEJEAAAYF+5MtwIAABgX7k2sLCwsLCwsLCwsLCwsLCwsLCwsNHcCAk=");
Copy link
Member

@adamsitnik adamsitnik Nov 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using direct output from the Fuzzer is acceptable, but it would be nicer to create the payload in a way other tests in this class do it: write everything using BinaryWriter and add comments for crucial parts. It would be easier to understand for the humans what the input actually contains (here I need to rely on a comment that may not be true).

Copy link
Contributor Author

Copilot AI Nov 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done in f3ff132. The tests now follow the same pattern as other tests in the class, using BinaryWriter with comments explaining each part of the payload.


Copy link

Copilot AI Nov 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove trailing whitespace from this blank line.

Copilot uses AI. Check for mistakes.
Copy link
Member

@stephentoub stephentoub Nov 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@copilot apply changes based on this feedback

Copy link
Contributor Author

Copilot AI Nov 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done in 924866d

using MemoryStream stream = new MemoryStream(input);
Assert.Throws<SerializationException>(() => NrbfDecoder.Decode(stream));
}
Copy link
Member

@stephentoub stephentoub Nov 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@adamsitnik, just fyi, I copied these tests locally without the fix and verified they both fail.

}
Loading