Re: possible bug in .xml serialization might skip messages

[Rohit <rohits79 () yahoo com>]

Hello,

Just to add more to the information. I have had tested
this paranormal ;) activity with both releases of .net
framework (i.e. 1.1 and 2.0 beta).

I would like to post this as a bug to Microsoft's (but
am unable to find any link whatsoever, any pointers?)
and so far am waiting for the bugtraq's admin to add
me to the list so i could submit this as a bug. 

Consequences of this issue:
If any one of us is using .net and relying on xml
serialization then there is a good chance that the
expected message won't be generated (as in this case)
and may lead to abnormal behavior depending on the
implementation and testing.

thanks
rohit

(Please don't judge the code :) am not concentrating
on any practices, this was just a proof of concept)


--- Rohit <rohits79 () yahoo com> wrote:

> Here is the snippet of the code in .net. 
> With long and boolean type of variable (with
> variable
> name declared as substring of the other) the XML
> serialization doesn't work fine as expected, and
> message is truncated (i.e. the required xml element
> is
> not generated)
> ---
>
> using System;
> using System.Xml;
> using System.IO;
> using System.Xml.Serialization;
>
> namespace ConsoleApplication1
> {
>
>       [Serializable()]
>       public class tResponseGeneralInfo
>       {
>             public long ProfileNumber;
>
>             public bool ProfileNumberSpecified;
>
>       }
>
>       class Class1
>       {
>             [STAThread]
>             static void Main(string[] args)
>             {
>                   tResponseGeneralInfo obj = new
> tResponseGeneralInfo();
>                   obj.ProfileNumber = 23;
>
>                   XmlDocument oXmlDoc = new
> XmlDocument();
>                   oXmlDoc.Load(m_Serialize(obj));
>             }
>
>             private static MemoryStream
> m_Serialize(object obj)
>             {
>                   try
>                   {
>                         XmlSerializer serializer =
> new
> XmlSerializer(obj.GetType());
>                         MemoryStream ms = new
> MemoryStream();
>                         serializer.Serialize(ms,
> obj);
>                         ms.Position = 0;
>                         return ms;
>                   }
>                   catch(Exception ex)
>                   {
>                         throw ex;
>                   }
>             }
>       }
>
> }
>
> The xml generates but without the attribute
> "ProfileNumber", the funny
> party is when we change the variable name
> ProfileNumberSpecified to
> something else it works as expected
>
> "<?xml version=\"1.0\"?><tResponseGeneralInfo
> xmlns:xsd=\"http://www.w3.org/2001/XMLSche
> ma\"xmlns:xsi=\"http://www.w3.org/2001/XMLSche
> ma-instance\"><ProfileNumberSp
ecified>false</ProfileNumberSpecified></tResponseGeneralInf
> o>
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam
> protection around 
> http://mail.yahoo.com 


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com