From d87c53b04845a9d6ba9f0de03f407762ae179436 Mon Sep 17 00:00:00 2001
From: Jan Kotas <jkotas@microsoft.com>
Date: Thu, 23 Feb 2017 18:51:03 -0800
Subject: [PATCH] Reject byref-like object in
 FormatterServices.GetUninitializedObject (dotnet/coreclr#9754)

Fixes dotnet/coreclr#9739

Commit migrated from https://github.com/dotnet/coreclr/commit/5957f2dde0f90c2bdaa4f0a83339c87140cc657b
---
 src/coreclr/src/vm/reflectioninvocation.cpp | 71 ++++-------------------------
 src/coreclr/src/vm/reflectioninvocation.h   |  2 -
 2 files changed, 8 insertions(+), 65 deletions(-)

diff --git a/src/coreclr/src/vm/reflectioninvocation.cpp b/src/coreclr/src/vm/reflectioninvocation.cpp
index 02c8891..005279c 100644
--- a/src/coreclr/src/vm/reflectioninvocation.cpp
+++ b/src/coreclr/src/vm/reflectioninvocation.cpp
@@ -2779,65 +2779,18 @@ FCIMPL1(Object*, ReflectionSerialization::GetUninitializedObject, ReflectClassBa
     if (pMT->IsAbstract()) {
         COMPlusThrow(kMemberAccessException,W("Acc_CreateAbst"));
     }
-    else if (pMT->ContainsGenericVariables()) {
+
+    if (pMT->ContainsGenericVariables()) {
         COMPlusThrow(kMemberAccessException,W("Acc_CreateGeneric"));
     }
-    // Never allow allocation of generics actually instantiated over __Canon
-    else if (pMT->IsSharedByGenericInstantiations()) {
-        COMPlusThrow(kNotSupportedException, W("NotSupported_Type"));
-    }
-    
-    // Never allow the allocation of an unitialized ContextBoundObject derived type, these must always be created with a paired
-    // transparent proxy or the jit will get confused.
-
-#ifdef FEATURE_COMINTEROP
-    // Also do not allow allocation of uninitialized RCWs (COM objects).
-    if (pMT->IsComObjectType())
-        COMPlusThrow(kNotSupportedException, W("NotSupported_ManagedActivation"));
-#endif // FEATURE_COMINTEROP
-
-    // If it is a nullable, return the underlying type instead.  
-    if (Nullable::IsNullableType(pMT)) 
-        pMT = pMT->GetInstantiation()[0].GetMethodTable();
- 
-    retVal = pMT->Allocate();
-
-    HELPER_METHOD_FRAME_END();
-    return OBJECTREFToObject(retVal);
-}
-FCIMPLEND
-
-FCIMPL1(Object*, ReflectionSerialization::GetSafeUninitializedObject, ReflectClassBaseObject* objTypeUNSAFE) {
-    FCALL_CONTRACT;
-    
-    OBJECTREF           retVal  = NULL;
-    REFLECTCLASSBASEREF objType = (REFLECTCLASSBASEREF) objTypeUNSAFE;
-
-    HELPER_METHOD_FRAME_BEGIN_RET_1(objType);
-    
-    if (objType == NULL) 
-        COMPlusThrowArgumentNull(W("type"), W("ArgumentNull_Type"));
-
-    TypeHandle type = objType->GetType();
-
-    // Don't allow arrays, pointers, byrefs or function pointers.
-    if (type.IsTypeDesc())
-        COMPlusThrow(kArgumentException, W("Argument_InvalidValue"));
-
-    MethodTable *pMT = type.GetMethodTable();
-    PREFIX_ASSUME(pMT != NULL);
-
-    //We don't allow unitialized strings.
-    if (pMT == g_pStringClass) 
-        COMPlusThrow(kArgumentException, W("Argument_NoUninitializedStrings"));
 
+    if (pMT->IsByRefLike()) {
+        COMPlusThrow(kNotSupportedException, W("NotSupported_ByRefLike"));
+    }
 
-    // if this is an abstract class or an interface type then we will
-    //  fail this
-    if (pMT->IsAbstract())
-        COMPlusThrow(kMemberAccessException,W("Acc_CreateAbst"));
-    else if (pMT->ContainsGenericVariables()) {
-        COMPlusThrow(kMemberAccessException,W("Acc_CreateGeneric"));
+    // Never allow allocation of generics actually instantiated over __Canon
+    if (pMT->IsSharedByGenericInstantiations()) {
+        COMPlusThrow(kNotSupportedException, W("NotSupported_Type"));
     }
 
     // Never allow the allocation of an unitialized ContextBoundObject derived type, these must always be created with a paired
@@ -2860,14 +2813,6 @@ FCIMPL1(Object*, ReflectionSerialization::GetSafeUninitializedObject, ReflectCla
 }
 FCIMPLEND
 
-FCIMPL0(FC_BOOL_RET, ReflectionSerialization::GetEnableUnsafeTypeForwarders)
-{
-    FCALL_CONTRACT;
-    FC_RETURN_BOOL(CLRConfig::GetConfigValue(CLRConfig::EXTERNAL_Serialization_UnsafeTypeForwarding));
-}
-FCIMPLEND
-
-
 //*************************************************************************************************
 //*************************************************************************************************
 //*************************************************************************************************
diff --git a/src/coreclr/src/vm/reflectioninvocation.h b/src/coreclr/src/vm/reflectioninvocation.h
index a05a202..206e751 100644
--- a/src/coreclr/src/vm/reflectioninvocation.h
+++ b/src/coreclr/src/vm/reflectioninvocation.h
@@ -89,8 +89,6 @@ public:
 class ReflectionSerialization {
 public:
     static FCDECL1(Object*, GetUninitializedObject, ReflectClassBaseObject* objTypeUNSAFE);
-    static FCDECL1(Object*, GetSafeUninitializedObject, ReflectClassBaseObject* objTypeUNSAFE);
-    static FCDECL0(FC_BOOL_RET, GetEnableUnsafeTypeForwarders);
 };
 
 class ReflectionEnum {
-- 
2.7.4