From 6713acfcb51eb977a6260f32331d0173186bb55b Mon Sep 17 00:00:00 2001
From: Andrew Jorgensen <ajorgensen@novell.com>
Date: Mon, 29 Nov 2010 17:28:08 -0700
Subject: Fix for bnc#655847

---
 mono/metadata/class.c            |  3 +++
 mono/metadata/icall.c            |  8 ++++++++
 mono/metadata/reflection.c       |  3 +++
 mono/metadata/verify-internals.h |  2 ++
 mono/metadata/verify.c           | 34 ++++++++++++++++++++++++++++++++++
 5 files changed, 50 insertions(+)

diff --git a/mono/metadata/class.c b/mono/metadata/class.c
index 9bc7f4a28ca..c6002a14f89 100644
--- a/mono/metadata/class.c
+++ b/mono/metadata/class.c
@@ -4467,6 +4467,9 @@ mono_class_init (MonoClass *class)
 			setup_interface_offsets (class, 0);
 	}
 
+	if (class->generic_class && !mono_verifier_class_is_valid_generic_instantiation (class))
+		mono_class_set_failure (class, MONO_EXCEPTION_TYPE_LOAD, g_strdup ("Invalid generic instantiation"));
+
 	goto leave;
 
  leave:
diff --git a/mono/metadata/icall.c b/mono/metadata/icall.c
index c35c871c817..eb246210510 100644
--- a/mono/metadata/icall.c
+++ b/mono/metadata/icall.c
@@ -67,6 +67,7 @@
 #include <mono/metadata/security-core-clr.h>
 #include <mono/metadata/mono-perfcounters.h>
 #include <mono/metadata/mono-debug.h>
+#include <mono/metadata/verify-internals.h>
 #include <mono/io-layer/io-layer.h>
 #include <mono/utils/strtod.h>
 #include <mono/utils/monobitset.h>
@@ -2432,6 +2433,7 @@ ves_icall_Type_GetGenericTypeDefinition_impl (MonoReflectionType *type)
 static MonoReflectionType*
 ves_icall_Type_MakeGenericType (MonoReflectionType *type, MonoArray *type_array)
 {
+	MonoClass *class;
 	MonoType *geninst, **types;
 	int i, count;
 
@@ -2450,6 +2452,12 @@ ves_icall_Type_MakeGenericType (MonoReflectionType *type, MonoArray *type_array)
 	if (!geninst)
 		return NULL;
 
+	class = mono_class_from_mono_type (geninst);
+
+	/*we might inflate to the GTD*/
+	if (class->generic_class && !mono_verifier_class_is_valid_generic_instantiation (class))
+		mono_raise_exception (mono_get_exception_argument ("method", "Invalid generic arguments"));
+
 	return mono_type_get_object (mono_object_domain (type), geninst);
 }
 
diff --git a/mono/metadata/reflection.c b/mono/metadata/reflection.c
index 6465ffbad9a..ef44d7c95cf 100644
--- a/mono/metadata/reflection.c
+++ b/mono/metadata/reflection.c
@@ -10057,6 +10057,9 @@ mono_reflection_bind_generic_method_parameters (MonoReflectionMethod *rmethod, M
 		mono_g_hash_table_insert (image->generic_def_objects, imethod, rmethod);
 		mono_loader_unlock ();
 	}
+
+	if (!mono_verifier_is_method_valid_generic_instantiation (inflated))
+		mono_raise_exception (mono_get_exception_argument ("typeArguments", "Invalid generic arguments"));
 	
 	return mono_method_get_object (mono_object_domain (rmethod), inflated, NULL);
 }
diff --git a/mono/metadata/verify-internals.h b/mono/metadata/verify-internals.h
index 6019b3184fb..a95cc5d2d79 100644
--- a/mono/metadata/verify-internals.h
+++ b/mono/metadata/verify-internals.h
@@ -21,6 +21,8 @@ gboolean mono_verifier_is_enabled_for_class (MonoClass *klass) MONO_INTERNAL;
 
 gboolean mono_verifier_is_method_full_trust (MonoMethod *method) MONO_INTERNAL;
 gboolean mono_verifier_is_class_full_trust (MonoClass *klass) MONO_INTERNAL;
+gboolean mono_verifier_class_is_valid_generic_instantiation (MonoClass *class) MONO_INTERNAL;
+gboolean mono_verifier_is_method_valid_generic_instantiation (MonoMethod *method) MONO_INTERNAL;
 
 gboolean mono_verifier_verify_class (MonoClass *klass) MONO_INTERNAL;
 
diff --git a/mono/metadata/verify.c b/mono/metadata/verify.c
index 52bd1508dba..97965092cae 100644
--- a/mono/metadata/verify.c
+++ b/mono/metadata/verify.c
@@ -6271,6 +6271,25 @@ mono_verifier_verify_class (MonoClass *class)
 		return FALSE;
 	return TRUE;
 }
+
+gboolean
+mono_verifier_class_is_valid_generic_instantiation (MonoClass *class)
+{
+	if (!mono_verifier_is_enabled_for_class (class))
+		return TRUE;
+	return mono_class_is_valid_generic_instantiation (NULL, class);
+}
+
+gboolean
+mono_verifier_is_method_valid_generic_instantiation (MonoMethod *method)
+{
+	if (!method->is_inflated)
+		return TRUE;
+	if (!mono_verifier_is_enabled_for_method (method))
+		return TRUE;
+	return mono_method_is_valid_generic_instantiation (NULL, method);
+}
+
 #else
 
 gboolean
@@ -6342,4 +6361,19 @@ mono_image_verify_tables (MonoImage *image, int level)
 	/* The verifier was disabled at compile time */
 	return NULL;
 }	
+
+gboolean
+mono_verifier_class_is_valid_generic_instantiation (MonoClass *class)
+{
+	return TRUE;
+}
+
+gboolean
+mono_verifier_is_method_valid_generic_instantiation (MonoMethod *method)
+{
+	return TRUE;
+}
+
+
+
 #endif
-- 
cgit v1.2.3