
[release/10.0] JIT: fix AV caused by JIT #121499

Merged: steveisok merged 1 commit into release/10.0 from backport/pr-120575-to-release/10.0 (Nov 12, 2025)


@github-actions github-actions bot commented Nov 10, 2025

Backport of #120575 to release/10.0

/cc @AndyAyersMS

Customer Impact

  • Customer reported
  • Found internally

Reported by customer in #120522

Regression

  • Yes
  • No

Similar problem exists in .NET 8 and .NET 9. I intend to backport this fix there if we fix this in .NET 10.

Testing

Verified on the test case from the issue.

Risk

Low. The JIT special cases return type deductions for Array.Clone, and this issue only triggers if the argument to Array.Clone is a byref. The fix is a bit more general but is mainly defensive, handling cases where return type deductions fail.

The JIT attempts to deduce a class handle for the return type of TYP_REF calls,
and almost always succeeds. However System.Array.Clone is special cased to return
the type of its argument, and this argument may be a byref indir without a known
managed type, so this deduction may fail.

This causes the JIT to pass a null handle into the VM.

Cope with this by setting the type instead of updating the type, if we discover
it later via inlining.

Closes #120522.
@JulieLeeMSFT JulieLeeMSFT requested a review from EgorBo November 10, 2025 17:54
@JulieLeeMSFT JulieLeeMSFT added this to the 10.0.x milestone Nov 10, 2025

@JulieLeeMSFT JulieLeeMSFT left a comment


LGTM.

@AndyAyersMS

@EgorBo can you PTAL

@steveisok steveisok added Servicing-approved Approved for servicing release and removed Servicing-consider Issue for next servicing release review labels Nov 12, 2025
@steveisok steveisok enabled auto-merge (squash) November 12, 2025 11:45
@steveisok

/ba-g Known issues #112633 dotnet/dnceng#6408 dotnet/dnceng#1883

@steveisok steveisok merged commit d8c1745 into release/10.0 Nov 12, 2025
97 of 110 checks passed
@steveisok steveisok deleted the backport/pr-120575-to-release/10.0 branch November 12, 2025 11:46
@ViktorHofer ViktorHofer modified the milestones: 10.0.x, 10.0.1 Nov 21, 2025
@github-actions github-actions bot locked and limited conversation to collaborators Dec 22, 2025