Bug 29351 - DataContractSerializer does not honor XmlDictionaryReaderQuotas when deserializing.
Summary: DataContractSerializer does not honor XmlDictionaryReaderQuotas when deserial...
Status: NEW
Alias: None
Product: Class Libraries
Classification: Mono
Component: System (show other bugs)
Version: unspecified
Hardware: PC Mac OS
: --- normal
Target Milestone: Untriaged
Assignee: Bugzilla
Depends on:
Reported: 2015-04-23 14:22 UTC by sornakumar
Modified: 2015-04-28 19:28 UTC (History)
3 users (show)

See Also:
Tags: XmlDictionaryReaderQuotas; Xml
Is this bug a regression?: ---
Last known good build:


Description sornakumar 2015-04-23 14:22:51 UTC
When reading an object DataContractSerializer does not honor XmlDictionaryReaderQuotas. Following code is expected to throw a Serialization exception, but instead deserializes without errors.

-- Sample Code --
using System;
using System.IO;
using System.Runtime.Serialization;
using System.Text;
using System.Xml;

namespace SimpleXMLReader
    [DataContract(Name = "DummyClass", Namespace = "")]
    public class DummyClass
        public int SampleInt { get; set; }

        public SomethingElse SomeClass { get; set; }

    [DataContract(Name = "SomethingElse", Namespace = "")]
    public class SomethingElse
        public int SampleInt { get; set; }

        public string SampleString { get; set; }

    public class Program
        public static void Main()
            var dictionaryQuotas = new XmlDictionaryReaderQuotas();
            dictionaryQuotas.MaxDepth = 1;
            var input = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
                "<DummyClass><SampleInt>10</SampleInt><SomeClass><SampleInt>100</SampleInt>" +
            var encodedInput = Encoding.UTF8.GetBytes(input);
            using (var reader = XmlDictionaryReader.CreateTextReader(
                new MemoryStream(encodedInput),
                onClose: null))
                var serializer = new DataContractSerializer(typeof(DummyClass));
                var obj = serializer.ReadObject(reader) as DummyClass;

-- End of Sample code --
Comment 1 Chris Hamons 2015-04-28 19:28:58 UTC
This appears to be a bug in the mono class library. DataContractSerializer is a System.* type, not a MonoMac or Xamarin.Mac type.

Note You need to log in before you can comment on or make changes to this bug.