Don't assume result is non-NULL if its type is not TYPE_VOID when tracing. (#20832)

This change is released under the MIT license.

On a CEE_MONO_ICALL set to mono_threads_detach_coop (from native to managed),
the profile code is always emitted without a return value, since it's not at
a ret. This means it's never set, even if there actually is a return type
(other than TYPE_VOID). When tracing, it's assumed that valid result types
other than TYPE_VOID can be dereferenced, even though in this case no result
has been set. This causes a null dereference fault.

1 files changed, 6 insertions, 0 deletions

diff --git a/mono/mini/trace.c b/mono/mini/trace.c
index 56e19a85751..588252ca1e9 100644
--- a/mono/mini/trace.c
+++ b/mono/mini/trace.c
@@ -353,6 +353,11 @@ mono_trace_leave_method (MonoMethod *method, MonoJitInfo *ji, MonoProfilerCallCo
 	type = mini_get_underlying_type (mono_method_signature_internal (method)->ret);
 
 	gpointer buf = mini_profiler_context_get_result (ctx);
+	if (!buf && type->type != MONO_TYPE_VOID) {
+		printf ("result unknown");
+		goto finish;
+	}
+
 	switch (type->type) {
 	case MONO_TYPE_VOID:
 		break;
@@ -435,6 +440,7 @@ mono_trace_leave_method (MonoMethod *method, MonoJitInfo *ji, MonoProfilerCallCo
 	}
 	mini_profiler_context_free_buffer (buf);
 
+finish:
 	//printf (" ip: %p\n", MONO_RETURN_ADDRESS_N (1));
 	printf ("\n");
 	fflush (stdout);