Bug 29351 - DataContractSerializer does not honor XmlDictionaryReaderQuotas when deserializing.
Status: NEW
Alias: None
Product: Class Libraries
Classification: Mono
Component: System
Version: unspecified
Hardware: PC Mac OS
: --- normal
Target Milestone: Untriaged
Assignee: Bugzilla
Reported: 2015-04-23 14:22 UTC by sornakumar
Modified: 2015-04-28 19:28 UTC
Tags: XmlDictionaryReaderQuotas; Xml

Description sornakumar 2015-04-23 14:22:51 UTC
When reading an object, DataContractSerializer does not honor XmlDictionaryReaderQuotas. The following code is expected to throw a Serialization exception, but instead deserializes without errors.

-- Sample Code --
using System;
using System.IO;
using System.Runtime.Serialization;
using System.Text;
using System.Xml;

namespace SimpleXMLReader
{
    [DataContract(Name = "DummyClass", Namespace = "")]
    public class DummyClass
    {
        [DataMember]
        public int SampleInt { get; set; }

        [DataMember]
        public SomethingElse SomeClass { get; set; }
    }

    [DataContract(Name = "SomethingElse", Namespace = "")]
    public class SomethingElse
    {
        [DataMember]
        public int SampleInt { get; set; }

        [DataMember]
        public string SampleString { get; set; }
    }

    public class Program
    {
        public static void Main()
        {
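            // Quota under test: with MaxDepth = 1, the nested elements in the
            // input below are expected to be rejected by the reader.
            var dictionaryQuotas = new XmlDictionaryReaderQuotas();
            dictionaryQuotas.MaxDepth = 1;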
            var input = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
                "<DummyClass><SampleInt>10</SampleInt><SomeClass><SampleInt>100</SampleInt>" +
                "<SampleString>HelloWorld</SampleString></SomeClass></DummyClass>";
            var encodedInput = Encoding.UTF8.GetBytes(input);
            using (var reader = XmlDictionaryReader.CreateTextReader(
                new MemoryStream(encodedInput),
                Encoding.UTF8,
                dictionaryQuotas,
                onClose: null))
            {
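                var serializer = new DataContractSerializer(typeof(DummyClass));
                // Expected: ReadObject throws a serialization exception.
                // Observed: it returns the fully populated object.
                var obj = serializer.ReadObject(reader) as DummyClass;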

                Console.WriteLine(dictionaryQuotas.MaxDepth);
                Console.WriteLine(obj.SampleInt);
                Console.WriteLine(obj.SomeClass.SampleInt);
                Console.WriteLine(obj.SomeClass.SampleString);
            }
        }
    }
}
-- End of Sample code --
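
A depth check that does not rely on the reader quotas, run on the raw input before it reaches DataContractSerializer. This is an added example, not part of the original report or of Mono's code. XmlDepthGuard and EnsureMaxDepth are hypothetical names, and counting the root element as depth 1 is this example's own convention.

```csharp
using System;
using System.IO;
using System.Text;
using System.Xml;

public static class XmlDepthGuard
{
    // Hypothetical helper: throws if any element is nested deeper than maxDepth.
    // Assumption of this example: the root element counts as depth 1.
    public static void EnsureMaxDepth(byte[] xml, int maxDepth)
    {
        // Refuse DTDs so the pre-check itself cannot be used for entity expansion.
        var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit };
        using (var reader = XmlReader.Create(new MemoryStream(xml), settings))
        {
            while (reader.Read())
            {
                // XmlReader.Depth is 0 for the root element, hence the + 1.
                if (reader.NodeType == XmlNodeType.Element && reader.Depth + 1 > maxDepth)
                    throw new InvalidDataException(
                        "Element <" + reader.Name + "> at depth " + (reader.Depth + 1) +
                        " exceeds limit " + maxDepth);
            }
        }
    }

    public static void Main()
    {
        // Constructed sample: the same document used in the report above.
        var input = Encoding.UTF8.GetBytes(
            "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
            "<DummyClass><SampleInt>10</SampleInt><SomeClass><SampleInt>100</SampleInt>" +
            "<SampleString>HelloWorld</SampleString></SomeClass></DummyClass>");

        // The deepest elements in the sample sit at depth 3, so a limit of 3 is met.
        EnsureMaxDepth(input, 3);
        Console.WriteLine("limit 3: accepted");

        try
        {
            // A limit of 1 allows only the root element.
            EnsureMaxDepth(input, 1);
            Console.WriteLine("limit 1: accepted");
        }
        catch (InvalidDataException e)
        {
            Console.WriteLine("limit 1: rejected (" + e.Message + ")");
        }
    }
}
```

Calling the guard first and deserializing only when it returns gives the same rejection on runtimes where the quota is not enforced.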
Comment 1 Chris Hamons 2015-04-28 19:28:58 UTC
This appears to be a bug in the mono class library. DataContractSerializer is a System.* type, not a MonoMac or Xamarin.Mac type.
