Hold that upgrade: Critical bug in .NET 4.6 'breaks applications'

Methods get wrong parameters, claim Stack Overflow dev


A critical bug in the optimizer in the just-released .NET 4.6 runtime could break and crash production applications, we're warned.

"The methods you call can get different parameter values than you passed in," says Nick Craver – software developer and system administrator for Stack Exchange, home of the popular programming support site Stack Overflow – in a post today.

The bug was hard to spot because it only occurs when optimizations are enabled. This means you can build an application, run it in Visual Studio, and everything is fine. It is only when you compile a production build that the problem occurs. Attaching a debugger, says Craver, changes the behavior and usually hides the issue. It was noticed at Stack Overflow because its heavily exercised HTTP caching code was not working with the new runtime, delivering unpredictable results.

The flaw has been documented on GitHub as "Tail Call bug in RyuJIT – incorrect parameters passed," complete with code that reproduces the problem. "When the parameters you're passing aren't the ones the method is getting, all sanity goes out the window. What if your method says how much stock to buy? What if it gives dosing information to a patient? What if it tells a plane what altitude to climb to?" reads the report.

The issue appears to be in the new JIT compiler called RyuJIT. When optimization is enabled, the last method in the call stack can get a random value passed to it.

"The team is taking this very seriously. We're going to talk about it later today as folks get into the office," said Microsoft .NET Program Manager Rich Lander.

Since the bug is in the JIT compiler, the workaround is not to install .NET 4.6 at all. If you install it, even applications targeting earlier versions of .NET may be impacted, since the same compiler is used. A version of .NET 4.6 ships with Windows 10. Craver claimed that Microsoft has "fixed the bug internally, but not for users," in which case, if the bug is as severe as it appears, you can expect a patch to appear soon. ®

