enforce FIELD_OFFSET_LAST_REAL_OFFSET size limit on InlineArrays (dot…

…net#97403)
andanteyk · Jan 24, 2024 · b47fdea · b47fdea
1 parent be6c9f6
commit b47fdea
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 16 deletions.
diff --git a/src/coreclr/tools/Common/TypeSystem/Common/MetadataFieldLayoutAlgorithm.cs b/src/coreclr/tools/Common/TypeSystem/Common/MetadataFieldLayoutAlgorithm.cs
@@ -498,8 +498,8 @@ private static void AdjustForInlineArray(
                 long size = instanceByteSizeAndAlignment.Size.AsInt;
                 size *= repeat;
 
-                // limit the max size of array instance to 1MiB
-                const int maxSize = 1024 * 1024;
+                // limit the max size of array instance to FIELD_OFFSET_LAST_REAL_OFFSET for compatibility with coreclr
+                const int maxSize = ((1 << 27) - 1) - 6;
                 if (size > maxSize)
                 {
                     ThrowHelper.ThrowTypeLoadException(ExceptionStringID.ClassLoadValueClassTooLarge, type);

diff --git a/src/coreclr/vm/methodtablebuilder.cpp b/src/coreclr/vm/methodtablebuilder.cpp
@@ -1764,7 +1764,13 @@ MethodTableBuilder::BuildMethodTableThrowing(
 
         if (bmtFP->NumInlineArrayElements != 0)
         {
-            GetLayoutInfo()->m_cbManagedSize *= bmtFP->NumInlineArrayElements;
+            INT64 extendedSize = (INT64)GetLayoutInfo()->m_cbManagedSize * (INT64)bmtFP->NumInlineArrayElements;
+            if (extendedSize > FIELD_OFFSET_LAST_REAL_OFFSET)
+            {
+                BuildMethodTableThrowException(IDS_CLASSLOAD_FIELDTOOLARGE);
+            }
+
+            GetLayoutInfo()->m_cbManagedSize = (UINT32)extendedSize;
         }
 
         bmtFP->NumInstanceFieldBytes = GetLayoutInfo()->m_cbManagedSize;
@@ -8436,9 +8442,7 @@ VOID    MethodTableBuilder::PlaceInstanceFields(MethodTable ** pByValueClassCach
         if (bmtFP->NumInlineArrayElements > 1)
         {
             INT64 extendedSize = (INT64)dwNumInstanceFieldBytes * (INT64)bmtFP->NumInlineArrayElements;
-            // limit the max size of array instance to 1MiB
-            const INT64 maxSize = 1024 * 1024;
-            if (extendedSize > maxSize)
+            if (extendedSize > FIELD_OFFSET_LAST_REAL_OFFSET)
             {
                 BuildMethodTableThrowException(IDS_CLASSLOAD_FIELDTOOLARGE);
             }

diff --git a/src/tests/Loader/classloader/InlineArray/InlineArrayInvalid.cs b/src/tests/Loader/classloader/InlineArray/InlineArrayInvalid.cs
@@ -38,7 +38,7 @@ public static void ZeroLength_Fails()
         });
     }
 
-    [InlineArray(0x20000000)]
+    [InlineArray(16777216)]
     private struct TooLarge
     {
         public long field;

diff --git a/src/tests/Loader/classloader/InlineArray/InvalidCSharpInlineArray.il b/src/tests/Loader/classloader/InlineArray/InvalidCSharpInlineArray.il
@@ -23,15 +23,6 @@
     .field public int32 'field'
 }
 
-.class public sequential ansi sealed beforefieldinit TooLarge
-    extends [System.Runtime]System.ValueType
-{
-    .custom instance void [System.Runtime]System.Runtime.CompilerServices.InlineArrayAttribute::.ctor(int32) = (
-        01 00 00 00 00 20 00 00
-    )
-    .field public int64 'field'
-}
-
 .class public sequential ansi sealed beforefieldinit NegativeLength
     extends [System.Runtime]System.ValueType
 {