Fix memory corruption bug in virtual static method dispatch (#107763)

- Use `TypeHandle::CanCastTo` instead of `MethodTable::CanCastTo` - The issue is that the `MethodTable` api requires cooperative mode, and the `TypeHandle` supports either mode Fixes #107754
dotnet · Sep 13, 2024 · 170b42c · 170b42c
1 parent 9bf9224
commit 170b42c
Show file tree

Hide file tree

Showing 3 changed files with 62 additions and 3 deletions.
diff --git a/src/coreclr/vm/methodtable.cpp b/src/coreclr/vm/methodtable.cpp
@@ -7825,8 +7825,9 @@ MethodTable::ResolveVirtualStaticMethod(
     ClassLoadLevel level)
 {
     CONTRACTL{
-       THROWS;
-       GC_TRIGGERS;
+        MODE_ANY;
+        THROWS;
+        GC_TRIGGERS;
     } CONTRACTL_END;
 
     bool verifyImplemented = (resolveVirtualStaticMethodFlags & ResolveVirtualStaticMethodFlags::VerifyImplemented) != ResolveVirtualStaticMethodFlags::None;
@@ -7986,6 +7987,12 @@ MethodTable::ResolveVirtualStaticMethod(
 MethodDesc*
 MethodTable::TryResolveVirtualStaticMethodOnThisType(MethodTable* pInterfaceType, MethodDesc* pInterfaceMD, ResolveVirtualStaticMethodFlags resolveVirtualStaticMethodFlags, ClassLoadLevel level)
 {
+    CONTRACTL{
+        MODE_ANY;
+        THROWS;
+        GC_TRIGGERS;
+    } CONTRACTL_END;
+
     bool instantiateMethodParameters = (resolveVirtualStaticMethodFlags & ResolveVirtualStaticMethodFlags::InstantiateResultOverFinalMethodDesc) != ResolveVirtualStaticMethodFlags::None;
     bool allowVariance = (resolveVirtualStaticMethodFlags & ResolveVirtualStaticMethodFlags::AllowVariantMatches) != ResolveVirtualStaticMethodFlags::None;
     bool verifyImplemented = (resolveVirtualStaticMethodFlags & ResolveVirtualStaticMethodFlags::VerifyImplemented) != ResolveVirtualStaticMethodFlags::None;
@@ -8041,7 +8048,7 @@ MethodTable::TryResolveVirtualStaticMethodOnThisType(MethodTable* pInterfaceType
         {
             // Allow variant, but not equivalent interface match
             if (!pInterfaceType->HasSameTypeDefAs(pInterfaceMT) ||
-                !pInterfaceMT->CanCastTo(pInterfaceType, NULL))
+                !TypeHandle(pInterfaceMT).CanCastTo(pInterfaceType, NULL))
             {
                 continue;
             }

diff --git a/...Loader/classloader/StaticVirtualMethods/Regression/VariantVirtualStaticDefaultDispatch.cs b/...Loader/classloader/StaticVirtualMethods/Regression/VariantVirtualStaticDefaultDispatch.cs
@@ -0,0 +1,44 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System.Runtime.CompilerServices;
+using Xunit;
+
+// This test comes from https://github.com/dotnet/runtime/issues/107754
+
+namespace VariantVirtualStaticDefaultDispatch
+{
+    interface IStaticConstraint<in T>
+    {
+        public abstract static void M();
+    }
+
+    interface IStaticConstraintDefaultImpl<in T> : IStaticConstraint<T>
+    {
+        static void IStaticConstraint<T>.M() { }
+    }
+
+    interface IConstraintCheck<U, W> where U : IStaticConstraint<W>
+    {
+    }
+
+    struct StructThatImplementsConstraint : IStaticConstraintDefaultImpl<object>
+    {
+    }
+
+    public class Tests
+    {
+        [MethodImpl(MethodImplOptions.NoInlining)]
+        static void M<U>() where U: IStaticConstraint<string>
+        {
+            U.M();
+        }
+
+        [Fact]
+        public static void RunTest()
+        {
+            System.Console.WriteLine(typeof(IConstraintCheck<StructThatImplementsConstraint, string>));
+            M<StructThatImplementsConstraint>();
+        }
+    }
+}
diff --git a/...er/classloader/StaticVirtualMethods/Regression/VariantVirtualStaticDefaultDispatch.csproj b/...er/classloader/StaticVirtualMethods/Regression/VariantVirtualStaticDefaultDispatch.csproj
@@ -0,0 +1,8 @@
+<Project Sdk="Microsoft.NET.Sdk">
+  <PropertyGroup>
+    <DebugType>Full</DebugType>
+  </PropertyGroup>
+  <ItemGroup>
+    <Compile Include="$(MSBuildThisFileName).cs" />
+  </ItemGroup>
+</Project>