Ensure MetadataEnumResult is sufficiently updated by MetaDataImport::Enum (#56756)

AndyAyersMS · web-flow · commit 394e24f7045d · 2021-08-03T09:06:47.000-07:00
`MetadataEnumResult` has a fixed inline buffer for returning small results and a pointer to allow it to return larger ones. The indexer for this checks the pointer and if non-null assumes that's the current set of values. But if a `MetadataEnumResult` is re-used within a loop, values written to it by `MetaDataImport::Enum` may bleed from one loop iteration to the next if the iterations first get a large result and then a small one. One case where this could happen was in libraries PGO tests, where PGO data encouraged the jit to inline `MemberInfoCache<T>.PopulateProperties(Filter,...)` into `MemberInfoCache<T>.PopulateProperties(Filter)`. Note this also is a conseqeunce of skipping zero init locals; without that the struct would have been zeroed each loop iteration. Fixes #56655.
diff --git a/src/coreclr/vm/managedmdimport.cpp b/src/coreclr/vm/managedmdimport.cpp
@@ -163,6 +163,7 @@ static int * EnsureResultSize(MetadataEnumResult * pResult, ULONG length)
     else
     {
         ZeroMemory(pResult->smallResult, sizeof(pResult->smallResult));
+        pResult->largeResult = NULL;
         p = pResult->smallResult;
     }
 

Original file line number	Diff line number	Diff line change
`@@ -163,6 +163,7 @@ static int * EnsureResultSize(MetadataEnumResult * pResult, ULONG length)`
`163`	`163`	`else`
`164`	`164`	`{`
`165`	`165`	`ZeroMemory(pResult->smallResult, sizeof(pResult->smallResult));`
	`166`	`+ pResult->largeResult = NULL;`
`166`	`167`	`p = pResult->smallResult;`
`167`	`168`	`}`
`168`	`169`