CounterSet.CreateCounterSetInstance can stack overflow with excessive counters #110843
Labels
area-System.Diagnostics.PerformanceCounter
in-pr
There is an active PR which will close this issue when it is merged
untriaged
New issue has not been triaged by the area owner
This
stackalloc
can stack overflow as the size of it is unbound, and depends on the number of counters in theCounterSet
:runtime/src/libraries/System.Diagnostics.PerformanceCounter/src/System/Diagnostics/PerformanceData/CounterSet.cs
Line 211 in 1019d31
Despite the variable name being capitalized, it is not
const
and its final value depends on_idToCounter.Count
.Can be reproduced with:
After a quick check with @GrabYourPitchforks, we do not think this is a DoS vulnerability since it is unlikely that the number of times
AddCounter
is called is driven by untrusted user input.Nevertheless, the runtime stack overflowing from public APIs is probably not desirable.
The text was updated successfully, but these errors were encountered: