  1. Spring.NET
  2. SPRNET-1368

CacheResultAdvice may return incompatible objects

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Blocker
    • Resolution: Complete
    • Affects Version/s: 1.2.0, 1.3.0, 1.3.1
    • Fix Version/s: 1.3.1
    • Component/s: Spring-NET-AOP
    • Labels:
      None

      Description

      CacheResultAdvice does not validate an object returned by the underlying ICache implementation before allowing it to be returned. If a rogue object happens to be inserted into the cache, the aspect could return that object when it isn't compatible with the return type on the method signature. If the object returned is smaller than the expected type, access to fields on the expected type will exceed the bounds of the actual instance, leading to access violations or uninitialized memory being accessed by managed code. This can cause the .NET Runtime to crash with access violations or result in other unexpected errors.

      Since this bug can trigger the .NET runtime to crash with an access violation, it should be treated as severe.

      There are two primary ways this bug can be triggered.

      First, this can happen when there is a cache collision (i.e., two methods use the same cache key to store values of different types).

      Second, CacheResultAdvice caches null values by comparing a cached value with a static field on CacheResultAdvice (NullValue). If the ICache implementation uses serialization (for example a SQL cache, or memcached, etc.), it will return a different instance of System.Object. This will cause CacheResultAdvice to return that instance of System.Object instead of detecting that a null value was stored in the cache.

      The supplied patch against [email protected] includes unit tests to illustrate both problems and provides a fix.
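
The two triggers described above (a key collision and a null sentinel that loses its identity in a serializing cache), shown beside one way to validate a cached value before returning it. This is an added example, not the supplied patch or Spring.NET code; `NullMarker`, `CachedResult`, `UseUnchecked` and `TryUseChecked` are hypothetical names, and the serializing cache is simulated by constructing fresh instances.

```csharp
using System;

// Hypothetical stand-ins for illustration; these are not Spring.NET types.
[Serializable]
public sealed class NullMarker { }

public static class CachedResult
{
    // Check as described in the report: reference identity against a static
    // sentinel, and no validation of what the cache handed back.
    public static readonly object NullValue = new object();

    public static object UseUnchecked(object cached)
    {
        return ReferenceEquals(cached, NullValue) ? null : cached;
    }

    // Hardened check: returns true only when 'result' is safe to hand to the caller.
    public static bool TryUseChecked(object cached, Type returnType, out object result)
    {
        result = null;
        if (cached == null) return false;      // cache miss
        if (cached is NullMarker)              // type test survives serialization
            return !returnType.IsValueType;    // conservative: null only for reference types
        if (!returnType.IsInstanceOfType(cached))
            return false;                      // incompatible entry: treat as a miss
        result = cached;
        return true;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed inputs: a string stored under a colliding key for a method
        // that returns Version, and null sentinels as a serializing cache would
        // return them (new instances, never the original reference).
        object collided = "1.3.1";
        object sentinelCopy = new object();
        object markerCopy = new NullMarker();

        Console.WriteLine(CachedResult.UseUnchecked(collided).GetType());   // wrong type passes through
        Console.WriteLine(CachedResult.UseUnchecked(sentinelCopy) == null); // stored null is not detected
        Console.WriteLine(CachedResult.TryUseChecked(collided, typeof(Version), out _));
        Console.WriteLine(CachedResult.TryUseChecked(markerCopy, typeof(Version), out var r) && r == null);
    }
}
```

Treating an incompatible entry as a miss makes the advised method run again, so a poisoned or colliding entry costs a recomputation instead of reaching the caller.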

        Activity

        sbohlen Steve Bohlen added a comment -

        Patch applied. Good find of the error and nice fix for the issue.

          People

          • Assignee:
            sbohlen Steve Bohlen
            Reporter:
            lordtrumpet Chris Eldredge
          • Votes:
            0
            Watchers:
            0