From 155a2a61ee57eee7735d031c489c90255b39797b Mon Sep 17 00:00:00 2001
From: Sean Hall <r.sean.hall@gmail.com>
Date: Mon, 14 Dec 2020 14:30:27 -0600
Subject: WIXBUG:6299 - Fix OverflowException in ReadUInt32.

---
 src/WixToolset.Core.Burn/Bundles/BurnCommon.cs     | 10 ++---
 .../WixToolset.Core.Burn.csproj                    |  3 ++
 .../WixToolsetTest.Core.Burn/BurnReaderFixture.cs  | 44 ++++++++++++++++++++++
 .../WixToolsetTest.Core.Burn.csproj                | 28 ++++++++++++++
 4 files changed, 80 insertions(+), 5 deletions(-)
 create mode 100644 src/test/WixToolsetTest.Core.Burn/BurnReaderFixture.cs
 create mode 100644 src/test/WixToolsetTest.Core.Burn/WixToolsetTest.Core.Burn.csproj

(limited to 'src')

diff --git a/src/WixToolset.Core.Burn/Bundles/BurnCommon.cs b/src/WixToolset.Core.Burn/Bundles/BurnCommon.cs
index 5cff0b5a..01c9f9ca 100644
--- a/src/WixToolset.Core.Burn/Bundles/BurnCommon.cs
+++ b/src/WixToolset.Core.Burn/Bundles/BurnCommon.cs
@@ -354,7 +354,7 @@ namespace WixToolset.Core.Burn.Bundles
         /// <param name="bytes">Array from which to read.</param>
         /// <param name="offset">Beginning offset from which to read.</param>
         /// <returns>value at offset</returns>
-        private static UInt16 ReadUInt16(byte[] bytes, UInt32 offset)
+        internal static UInt16 ReadUInt16(byte[] bytes, UInt32 offset)
         {
             Debug.Assert(offset + 2 <= bytes.Length);
             return (UInt16)(bytes[offset] + (bytes[offset + 1] << 8));
@@ -366,10 +366,10 @@ namespace WixToolset.Core.Burn.Bundles
         /// <param name="bytes">Array from which to read.</param>
         /// <param name="offset">Beginning offset from which to read.</param>
         /// <returns>value at offset</returns>
-        private static UInt32 ReadUInt32(byte[] bytes, UInt32 offset)
+        internal static UInt32 ReadUInt32(byte[] bytes, UInt32 offset)
         {
             Debug.Assert(offset + 4 <= bytes.Length);
-            return (UInt32)(bytes[offset] + (bytes[offset + 1] << 8) + (bytes[offset + 2] << 16) + (bytes[offset + 3] << 24));
+            return BurnCommon.ReadUInt16(bytes, offset) + ((UInt32)BurnCommon.ReadUInt16(bytes, offset + 2) << 16);
         }
 
         /// <summary>
@@ -378,10 +378,10 @@ namespace WixToolset.Core.Burn.Bundles
         /// <param name="bytes">Array from which to read.</param>
         /// <param name="offset">Beginning offset from which to read.</param>
         /// <returns>value at offset</returns>
-        private static UInt64 ReadUInt64(byte[] bytes, UInt32 offset)
+        internal static UInt64 ReadUInt64(byte[] bytes, UInt32 offset)
         {
             Debug.Assert(offset + 8 <= bytes.Length);
-            return BurnCommon.ReadUInt32(bytes, offset) + ((UInt64)(BurnCommon.ReadUInt32(bytes, offset + 4)) << 32);
+            return BurnCommon.ReadUInt32(bytes, offset) + ((UInt64)BurnCommon.ReadUInt32(bytes, offset + 4) << 32);
         }
     }
 }
diff --git a/src/WixToolset.Core.Burn/WixToolset.Core.Burn.csproj b/src/WixToolset.Core.Burn/WixToolset.Core.Burn.csproj
index 77e0856a..b0be1d3b 100644
--- a/src/WixToolset.Core.Burn/WixToolset.Core.Burn.csproj
+++ b/src/WixToolset.Core.Burn/WixToolset.Core.Burn.csproj
@@ -15,6 +15,9 @@
     <AssemblyAttribute Include="System.Runtime.CompilerServices.InternalsVisibleTo">
       <_Parameter1>WixToolset.Core.TestPackage, PublicKey=0024000004800000940000000602000000240000525341310004000001000100a9967ec28982f42ee51a47dd5204315975a6ed69294b982146a99a70130a2fa13e226aaddde14c17d1bf3af69e8956d69a86585e74d208efcc5ac98a0686055327b2e87960d3c39bf3a6bc1e572863327d19dbf4fd2616dda124dbea260755a2d1d39d3cf1049ea526493eb2bf996b8ad985e3012308529e5b9b0f5cd5fa04bd</_Parameter1>
     </AssemblyAttribute>
+    <AssemblyAttribute Include="System.Runtime.CompilerServices.InternalsVisibleTo">
+      <_Parameter1>WixToolsetTest.Core.Burn, PublicKey=0024000004800000940000000602000000240000525341310004000001000100a9967ec28982f42ee51a47dd5204315975a6ed69294b982146a99a70130a2fa13e226aaddde14c17d1bf3af69e8956d69a86585e74d208efcc5ac98a0686055327b2e87960d3c39bf3a6bc1e572863327d19dbf4fd2616dda124dbea260755a2d1d39d3cf1049ea526493eb2bf996b8ad985e3012308529e5b9b0f5cd5fa04bd</_Parameter1>
+    </AssemblyAttribute>
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/test/WixToolsetTest.Core.Burn/BurnReaderFixture.cs b/src/test/WixToolsetTest.Core.Burn/BurnReaderFixture.cs
new file mode 100644
index 00000000..a83da7f6
--- /dev/null
+++ b/src/test/WixToolsetTest.Core.Burn/BurnReaderFixture.cs
@@ -0,0 +1,44 @@
+// Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information.
+
+namespace WixToolsetTest.Core.Burn
+{
+    using System;
+    using WixToolset.Core.Burn.Bundles;
+    using Xunit;
+
+    public class BurnReaderFixture
+    {
+        [Fact]
+        public void CanReadUInt16Max()
+        {
+            var bytes = new byte[] { 0xFF, 0xFF };
+            var offset = 0u;
+
+            var result = BurnCommon.ReadUInt16(bytes, offset);
+
+            Assert.Equal(UInt16.MaxValue, result);
+        }
+
+        [Fact]
+        public void CanReadUInt32Max()
+        {
+            var bytes = new byte[] { 0xFF, 0xFF, 0xFF, 0xFF };
+            var offset = 0u;
+
+            var result = BurnCommon.ReadUInt32(bytes, offset);
+
+            Assert.Equal(UInt32.MaxValue, result);
+        }
+
+        [Fact]
+        public void CanReadUInt64Max()
+        {
+            var bytes = new byte[] { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
+            var offset = 0u;
+
+            var result = BurnCommon.ReadUInt64(bytes, offset);
+
+            Assert.Equal(UInt64.MaxValue, result);
+        }
+    }
+}
diff --git a/src/test/WixToolsetTest.Core.Burn/WixToolsetTest.Core.Burn.csproj b/src/test/WixToolsetTest.Core.Burn/WixToolsetTest.Core.Burn.csproj
new file mode 100644
index 00000000..da0985b1
--- /dev/null
+++ b/src/test/WixToolsetTest.Core.Burn/WixToolsetTest.Core.Burn.csproj
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information. -->
+
+<Project Sdk="Microsoft.NET.Sdk">
+  <PropertyGroup>
+    <TargetFramework>netcoreapp2.1</TargetFramework>
+    <IsPackable>false</IsPackable>
+    <DebugType>embedded</DebugType>
+  </PropertyGroup>
+
+  <PropertyGroup>
+    <NoWarn>NU1701</NoWarn>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\..\WixToolset.Core.Burn\WixToolset.Core.Burn.csproj" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="WixBuildTools.TestSupport" Version="4.0.*" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="15.8.0" />
+    <PackageReference Include="xunit" Version="2.4.1" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="2.4.1" PrivateAssets="All" />
+  </ItemGroup>
+</Project>
-- 
cgit v1.2.3-55-g6feb