Fix aligned buffer write #11861
Merged
Fix aligned buffer write #11861
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This is a particularly subtle bug that requires a chunk (or remaining bit of a chunk) and the destination buffer being _exactly_ the same size. When this happens, the following sequence occurs: 1. `source.Length` and `destination.Length` are exactly aligned. This means that we do not enter the `if` on line 450, and `endOfChunkWritten` will be true. 2. We slice `destination` by `source.Length`. This leaves us with a `destination` that has 0 elements, and `IsEmpty` is true. 3. Because `endOfChunkWritten` is true, we enter the `if` on line 466. This increments us to the next chunk. 4. On line 472 (in the before diff), `destination.IsEmpty` is true, so we enter the `if`, and break out of the loop, never reseting `charIndex` to 0. 5. 4 happens again, this time on line 480 (in the before diff). Again, we do not reset `charIndex` to 0. To fix this, we want to unconditionally reset `charIndex` when we increment a chunk, not wait until after the destination has been checked for empty.
jaredpar
approved these changes
May 14, 2025
333fred
commented
May 14, 2025
| Assert.Equal(output, FirstLine.AsSpan()); | ||
| Array.Clear(output); | ||
|
|
||
| testWriter.Read(output, 0, output.Length); |
There was a problem hiding this comment.
Verified that without the charIndex change, this line fails.
333fred
commented
May 14, 2025
| } | ||
|
|
||
| [Fact] | ||
| public void ReaderOnlyReadsAsMuchAsRequested() |
There was a problem hiding this comment.
This issue is not directly related to the main bug, but is something that @jaredpar noticed when just looking over the code.
jaredpar
approved these changes
May 14, 2025
DustinCampbell
approved these changes
May 15, 2025
src/Compiler/Microsoft.AspNetCore.Razor.Language/test/CodeGeneration/CSharpCodeWriterTest.cs
Outdated
Show resolved
Hide resolved
src/Compiler/Microsoft.AspNetCore.Razor.Language/test/CodeGeneration/CSharpCodeWriterTest.cs
Outdated
Show resolved
Hide resolved
jaredpar
approved these changes
May 15, 2025
|
/backport to release/dev17.14 |
|
Started backporting to release/dev17.14: https://github.com/dotnet/razor/actions/runs/15034407725 |
2 tasks
This was referenced May 16, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is a particularly subtle bug that requires a chunk (or remaining bit of a chunk) and the destination buffer being exactly the same size. When this happens, the following sequence occurs:
source.Lengthanddestination.Lengthare exactly aligned. This means that we do not enter theifon line 450, andendOfChunkWrittenwill be true.destinationbysource.Length. This leaves us with adestinationthat has 0 elements, andIsEmptyis true.endOfChunkWrittenis true, we enter theifon line 466. This increments us to the next chunk.destination.IsEmptyis true, so we enter theif, and break out of the loop, never resetingcharIndexto 0.charIndexto 0.To fix this, we want to unconditionally reset
charIndexwhen we increment a chunk, not wait until after the destination has been checked for empty.