Hi,
I stumbled upon an issue where the dnPE constructors basically never returns and fills up the system's memory. This is caused by malformed .NET files such as 8923b5950bb68d0f44093e08a97492c00049ee2c2fbd842da95c7adeff8e6d85.
The cause is that the rowcount table has a couple entries with values such as 4 billion. The loop that allocates the rows thus runs into trouble.
Would it make sense to either add a hard limit (like, anything more than 1 million rows per table should never happen in reality), or a slightly more intelligent check that uses the row size & table size to see if the count is legit?
Lazy loading does not solve the problem with this file, it exacerbates it. There's probably more data down the line that is completely out of bounds.
Hi,
I stumbled upon an issue where the
dnPEconstructors basically never returns and fills up the system's memory. This is caused by malformed .NET files such as8923b5950bb68d0f44093e08a97492c00049ee2c2fbd842da95c7adeff8e6d85.The cause is that the rowcount table has a couple entries with values such as 4 billion. The loop that allocates the rows thus runs into trouble.
Would it make sense to either add a hard limit (like, anything more than 1 million rows per table should never happen in reality), or a slightly more intelligent check that uses the row size & table size to see if the count is legit?
Lazy loading does not solve the problem with this file, it exacerbates it. There's probably more data down the line that is completely out of bounds.