What I hate about Microsoft
-
It is virtuall impossible to figure out if the recent wave of patches[^] fixes this[^] Makes my job suck.
We are a big screwed up dysfunctional psychotic happy family - some more screwed up, others more happy, but everybody's psychotic joint venture definition of CP
My first real C# project | Linkify!|FoldWithUs! | sighistAs that bug report comes with a reproducible test case, you can try yourself! At least the patch wave finally fixes this[^]. But since Vista users still got a .NET Framework update now even though Jeroen's security hole already is fixed in the .NET version coming with Vista; that means: - there was more than one security hole - or the new JIT version also contains non-security fixes
-
It is virtuall impossible to figure out if the recent wave of patches[^] fixes this[^] Makes my job suck.
We are a big screwed up dysfunctional psychotic happy family - some more screwed up, others more happy, but everybody's psychotic joint venture definition of CP
My first real C# project | Linkify!|FoldWithUs! | sighistAnd sometimes one patch will stop the IIS irrepairably creating a downtime for 6 hours before another patch comes out fixing the same. :mad: I am talking about a patch with broke ASPNET Worker Process sometime about half year back. :)
Vasudevan Deepak Kumar Personal Homepage Tech Gossips
-
As that bug report comes with a reproducible test case, you can try yourself! At least the patch wave finally fixes this[^]. But since Vista users still got a .NET Framework update now even though Jeroen's security hole already is fixed in the .NET version coming with Vista; that means: - there was more than one security hole - or the new JIT version also contains non-security fixes
I already tried to reproduce the bug but it doesn't work here anymore (running on Vista, Visual Studio Orcas, project was targetted for .NET 2.0)
-
I already tried to reproduce the bug but it doesn't work here anymore (running on Vista, Visual Studio Orcas, project was targetted for .NET 2.0)
I can still reproduce it (VS 2005 on Vista, yesterday's patch is not yet installed). To reproduce the problem, I had to do a release build (compiler option "Optimize code" enabled) and use "Start without Debugging". I'll now install the patch and see if that changes anything.
-
As that bug report comes with a reproducible test case, you can try yourself! At least the patch wave finally fixes this[^]. But since Vista users still got a .NET Framework update now even though Jeroen's security hole already is fixed in the .NET version coming with Vista; that means: - there was more than one security hole - or the new JIT version also contains non-security fixes
If you read the bulletin, under Security Ratings and Vulnerability Identifiers, you will see that three security issues were fixed in total. Of these, only the ASP.NET vulnerability affects Windows Vista (i.e. the other two were already fixed in the version that ships with Windows Vista). It appears that the .NET Framework servicing team do cumulative updates - all reported issues are rolled up into the latest release (this is certainly the simplest approach). This means that many bugs were fixed in addition to the three security issues. As for the
IsNullOrEmptyproblem, the 'Orcas' CLR will be officially labelled .NET Framework 2.0 SP1. Just like .NET Framework 3.0, Framework 3.5 is extensions to Framework 2.0. So this change has been rolled up into the Framework 2.0 servicing branch and probably is in this release.Stability. What an interesting concept. -- Chris Maunder
-
It is virtuall impossible to figure out if the recent wave of patches[^] fixes this[^] Makes my job suck.
We are a big screwed up dysfunctional psychotic happy family - some more screwed up, others more happy, but everybody's psychotic joint venture definition of CP
My first real C# project | Linkify!|FoldWithUs! | sighistShould be, the .NET Framework servicing team do cumulative updates so the patch release, being a moderately recent build, should include the fix for that. The CLR is remaining unchanged in the 'Orcas' Framework release (.NET Framework 3.5) although the package will be labelled as .NET Framework 2.0 SP1.
Stability. What an interesting concept. -- Chris Maunder
-
It is virtuall impossible to figure out if the recent wave of patches[^] fixes this[^] Makes my job suck.
We are a big screwed up dysfunctional psychotic happy family - some more screwed up, others more happy, but everybody's psychotic joint venture definition of CP
My first real C# project | Linkify!|FoldWithUs! | sighistI have now installed the patch and can still reproduce the bug. Invalid JIT-optimizations can be security holes (they could be used to circumvent the type system and execute arbitrary x86 code), but this one didn't get fixed. The bug isn't only about string.IsNullOrEmpty, it also effects custom IsNullOrEmpty methods like:
static bool IsNullOrEmpty(string n) { return n == null || n.Length == 0; }Or:
static bool IsNullOrEmpty(List<string> n) { return n == null || n.Count == 0; }Or:
static bool IsNullOrEmpty(string\[\] n) { return n == null || n.Length == 0; }And probably some other kinds of methods involving null-checks, too. Workaround: Optimize your loop invariants manually:
bool isNullOrEmptyX = IsNullOrEmpty(x); for (int j = 0; j < 10; j++) { if (isNullOrEmptyX) { // TODO } } -
It is virtuall impossible to figure out if the recent wave of patches[^] fixes this[^] Makes my job suck.
We are a big screwed up dysfunctional psychotic happy family - some more screwed up, others more happy, but everybody's psychotic joint venture definition of CP
My first real C# project | Linkify!|FoldWithUs! | sighistI never knew about that bug. I have a few tests of String.IsNullOrEmpty in a VB app that has been live on a customers site for about 6 months and never had a problem. Jon
-
It is virtuall impossible to figure out if the recent wave of patches[^] fixes this[^] Makes my job suck.
We are a big screwed up dysfunctional psychotic happy family - some more screwed up, others more happy, but everybody's psychotic joint venture definition of CP
My first real C# project | Linkify!|FoldWithUs! | sighistHow the heck can you screw up IsNullOrEmpty? I use this all over my code, replacing my own test that I wrote in .NET 1.1. days. Marc
-
How the heck can you screw up IsNullOrEmpty? I use this all over my code, replacing my own test that I wrote in .NET 1.1. days. Marc
Apparently the check can be "optimised" out of the way.
Please visit http://www.readytogiveup.com/ and do something special today. Deja View - the feeling that you've seen this post before.
-
Apparently the check can be "optimised" out of the way.
Please visit http://www.readytogiveup.com/ and do something special today. Deja View - the feeling that you've seen this post before.
Pete O`Hanlon wrote:
Apparently the check can be "optimised" out of the way.
Ah. I was just reading that it's in the JIT optimizations. Sigh. Marc