[reflection] Check whether a pointer is valid before dereferencing (#19842)
`Xamarin.Android` native runtime calls `mono_reflection_type_from_name`
and passes `NULL` as the `image` parameter. The parameter is then
propagated all the way to `_mono_reflection_get_type_from_info` where,
in case the assembly isn't loaded yet, it is used to obtain the base
directory of the assembly. However, since the `image` parameter is
`NULL` in our case, the attempt to dereference it causes a segfault:
libc : Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x4c0 in tid 11029 (ompanyname.app3), pid 11029 (ompanyname.app3)
crash_dump64: obtaining output fd from tombstoned, type: kDebuggerdTombstone
/system/bin/tombstoned: received crash request for pid 11029
crash_dump64: performing dump of process 11029 (target tid = 11029)
DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
DEBUG : Build fingerprint: 'google/sdk_gphone_x86_64/generic_x86_64:10/QSR1.190920.001/5891938:user/release-keys'
DEBUG : Revision: '0'
DEBUG : ABI: 'x86_64'
DEBUG : Timestamp: 2020-05-25 14:45:29+0200
DEBUG : pid: 11029, tid: 11029, name: ompanyname.app3 >>> com.companyname.app3 <<<
DEBUG : uid: 10134
DEBUG : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x4c0
DEBUG : Cause: null pointer dereference
DEBUG : rax 000000000000002f  rbx 0000000000000001  rcx 0000000000000000  rdx 0000000000000030
DEBUG : r8  0000000000000003  r9  000000000013e2e2  r10 0173eed800000000  r11 0000000000000206
DEBUG : r12 0000000000000000  r13 00007478530343c0  r14 00007478075eda33  r15 000074780763efb0
DEBUG : rdi 0000000000000000  rsi 00007478e2cb14d0
DEBUG : rbp 00007ffef3a35680  rsp 00007ffef3a355d0  rip 0000747807a4066a
DEBUG :
DEBUG : backtrace:
DEBUG :       #00 pc 00000000003ba66a  /data/app/com.companyname.app3-aQUF6Ge6_v-WaLb5i8Q7vw==/lib/x86_64/libmonosgen-2.0.so (_mono_reflection_get_type_from_info+474)
DEBUG :       #01 pc 00000000003ba3d1  /data/app/com.companyname.app3-aQUF6Ge6_v-WaLb5i8Q7vw==/lib/x86_64/libmonosgen-2.0.so (mono_reflection_type_from_name_checked+321)
DEBUG :       #02 pc 00000000003ba26d  /data/app/com.companyname.app3-aQUF6Ge6_v-WaLb5i8Q7vw==/lib/x86_64/libmonosgen-2.0.so (mono_reflection_type_from_name+125)
DEBUG :       #03 pc 000000000000ddb5  /data/app/com.companyname.app3-aQUF6Ge6_v-WaLb5i8Q7vw==/lib/x86_64/libmonodroid.so (xamarin::android::internal::EmbeddedAssemblies::typemap_java_to_managed(char const*)+389) (BuildId: 9952f1cfe0d910ae631abc73479f88eef34fd71d)
DEBUG :       #04 pc 000000000000def3  /data/app/com.companyname.app3-aQUF6Ge6_v-WaLb5i8Q7vw==/lib/x86_64/libmonodroid.so (xamarin::android::internal::EmbeddedAssemblies::typemap_java_to_managed(_MonoString*)+99) (BuildId: 9952f1cfe0d910ae631abc73479f88eef34fd71d)
DEBUG :       #05 pc 0000000000069532  <anonymous:5ad25000>
Even though this happens in `Xamarin.Android`, the error may occur for
any embedding application which passes `NULL` for the `image` parameter
in situations where the assembly isn't in memory yet.
Co-authored-by: Marek Habersack <grendel@twistedcode.net>
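The failure mode the commit describes, modelled as an added C example that is not the mono runtime's own code: the `ToyImage`/`ToyAssembly` structs, the `lookup_type` function, its return codes and the list of "already loaded" assemblies are all hypothetical stand-ins for the real `MonoImage` chain. `basedir_unchecked` is the "before" shape (a read through `image` that faults when the caller passes `NULL`, consistent with the low fault address and "null pointer dereference" cause in the tombstone above); `basedir_checked` validates the pointer chain first, and the not-yet-loaded path reports the assembly as unresolved instead of crashing. The example also handles the case the runtime must keep working: an already-loaded assembly resolves regardless of whether `image` was supplied.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the runtime's image -> assembly -> basedir chain. */
typedef struct { const char *basedir; } ToyAssembly;
typedef struct { ToyAssembly *assembly; } ToyImage;

/* Constructed table of assemblies that are already in memory. */
static const char *const loaded_assemblies[] = { "mscorlib", "Mono.Android" };

static int assembly_is_loaded(const char *name) {
    size_t n = sizeof loaded_assemblies / sizeof loaded_assemblies[0];
    for (size_t i = 0; i < n; i++)
        if (strcmp(loaded_assemblies[i], name) == 0)
            return 1;
    return 0;
}

/* Before: the base directory is read straight through 'image'.
   With image == NULL this is exactly the read that faults. */
const char *basedir_unchecked(const ToyImage *image) {
    return image->assembly->basedir;
}

/* After: validate the whole pointer chain; NULL means "no base directory known". */
const char *basedir_checked(const ToyImage *image) {
    if (image == NULL || image->assembly == NULL)
        return NULL;
    return image->assembly->basedir;
}

enum { LOOKUP_LOADED = 0, LOOKUP_PROBE_PATH = 1, LOOKUP_UNRESOLVED = -1 };

/* Simplified model of the type-from-name path. Returns LOOKUP_LOADED when the
   assembly is already in memory (image is not needed at all), LOOKUP_PROBE_PATH
   and fills 'path' when a base directory is available to probe, and
   LOOKUP_UNRESOLVED otherwise, without ever dereferencing a NULL image. */
int lookup_type(const ToyImage *image, const char *assembly_name,
                char *path, size_t path_len) {
    if (assembly_name == NULL || path == NULL || path_len == 0)
        return LOOKUP_UNRESOLVED;
    path[0] = '\0';
    if (assembly_is_loaded(assembly_name))
        return LOOKUP_LOADED;
    const char *basedir = basedir_checked(image);
    if (basedir == NULL)
        return LOOKUP_UNRESOLVED;          /* caller gave us nothing to probe from */
    int n = snprintf(path, path_len, "%s/%s.dll", basedir, assembly_name);
    if (n < 0 || (size_t)n >= path_len)
        return LOOKUP_UNRESOLVED;          /* truncated path is not a usable probe */
    return LOOKUP_PROBE_PATH;
}

int main(void) {
    ToyAssembly asm_ = { "/data/app/example/lib" };   /* constructed base directory */
    ToyImage img = { &asm_ };
    char path[256];
    printf("loaded:   %d\n", lookup_type(&img, "mscorlib", path, sizeof path));
    printf("probe:    %d -> %s\n", lookup_type(&img, "App3", path, sizeof path), path);
    printf("no image: %d\n", lookup_type(NULL, "App3", path, sizeof path));
    return 0;
}
```

The useful property to check when auditing an embedding API like this is that every path reachable with `image == NULL` either does not touch `image` or returns an error value, which is what the `LOOKUP_UNRESOLVED` branch enforces here.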