Skip to content

Merging internal commits for release/9.0#11786

Open
dotnet-bot wants to merge 13 commits into
release/9.0from
internal-merge-9.0-2026-07-14-2018
Open

Merging internal commits for release/9.0#11786
dotnet-bot wants to merge 13 commits into
release/9.0from
internal-merge-9.0-2026-07-14-2018

Conversation

@dotnet-bot

@dotnet-bot dotnet-bot commented Jul 14, 2026

Copy link
Copy Markdown
Contributor
Microsoft Reviewers: Open in CodeFlow

ProductConstructionServiceProd and others added 13 commits May 31, 2026 03:35
…ernal/release/9.0

 Resolves mirror conflict for branch release/8.0 (GitHub → AzDO internal).
   Ref: #11667

----
#### AI description  (iteration 1)
#### PR Classification
Dependency update and version bump to resolve mirror conflicts between release branches.

#### PR Summary
This pull request merges dependency updates and version changes from the release/9.0 branch into internal/release/9.0, updating toolset dependencies and the patch version number.

- `eng/Version.Details.xml`: Updated Microsoft.DotNet.Arcade.Sdk, Microsoft.DotNet.CodeAnalysis, Microsoft.DotNet.Helix.Sdk, and Microsoft.DotNet.GenAPI from version 9.0.0-beta.26261.1 to 9.0.0-beta.26301.4
- `eng/Version.Details.xml`: Updated Microsoft.DotNet.Wpf.DncEng from version 9.0.0-rtm.26227.1 to 9.0.0-rtm.26277.2
- `eng/Versions.props`: Incremented PatchVersion from 17 to 18
- `NuGet.config`: Removed temporary package sources for dotnet-runtime and dotnet-winforms
<!-- GitOpsUserAgent=GitOps.Apps.Server.pullrequestcopilot -->
…formatting, removed merge conflict artifact

Updated NuGet.config - fixed formatting, removed merge conflict artifact
This PR addresses multiple vulnerabilities where WPF's restrictive/unsafe XAML loading path could be bypassed, allowing attacker-controlled XAML to instantiate dangerous types (e.g., `ObjectDataProvider` → `Process.Start`) and achieve Remote Code Execution.

## Changes

### 1. Async XamlReader.LoadAsync taint propagation fix

**File:** `System/Windows/Markup/XamlReader.cs`

The synchronous `WpfXamlLoader` propagates `IsUnsafe = true` to nested-load-capable objects (`ResourceDictionary`, `Frame`, `NavigationWindow`) when loaded under `RestrictiveXamlXmlReader`. The asynchronous `LoadAsync` path was missing this propagation, allowing a first-stage async-loaded `ResourceDictionary` to load second-stage unrestricted XAML via its `Source` property.

**Fix:** Add the same taint propagation in `LoadAsync`'s `AfterBeginInitHandler`:

```csharp
if (_textReader is RestrictiveXamlXmlReader && args != null)
{
    if (args.Instance is ResourceDictionary rd)
        rd.IsUnsafe = true;
    else if (args.Instance is Frame frame)
        frame.NavigationService.IsUnsafe = true;
    else if (args.Instance is NavigationWindow nw)
        nw.NavigationService.IsUnsafe = true;
}
```

### 2. FixedPage NavigateUri → NavigationService unsafe taint

**File:** `System/Windows/Navigation/NavigationService.cs`

When navigation originates from a FixedPage element (Path, Canvas, Glyphs, or FixedPage) carrying `FixedPage.NavigateUri`, the target content could be attacker-controlled XAML within an XPS package. The `NavigationService` was not marked as unsafe in this path, allowing the XAML loader to process the content without restrictions.

**Fix:** Detect FixedPage-origin navigation in `OnRequestNavigate` and set `IsUnsafe = true` before the navigation proceeds.

### 3. XAML deserialization bypass in Undo and Clipboard paths

**Files:**
- `MS/Internal/Ink/ClipboardProcessor.cs`
- `System/Windows/Documents/TextTreeDeleteContentUndoUnit.cs`

Both the clipboard paste (InkCanvas) and text undo code paths call `XamlReader.Load` to deserialize stored XAML without the restrictive reader. An attacker who can influence clipboard content or trigger undo of crafted content could instantiate arbitrary types.

**Fix:** Pass `useRestrictiveXamlReader: true` to `XamlReader.Load` in both paths.

## Attack Scenarios Addressed

| Vector | Before | After |
|--------|--------|-------|
| XPS document with Frame → async ResourceDictionary → ObjectDataProvider | RCE | Blocked by restrictive reader |
| XPS FixedPage NavigateUri → attacker XAML part | RCE | Blocked (NavigationService marked unsafe) |
| Clipboard/Undo XAML deserialization with gadget types | RCE | Blocked by restrictive reader |

## Testing

- Validated with PoC: XPS package exploiting async taint gap on .NET 10(previously vulnerable) now blocks payload
- Verified synchronous restrictive path remains unaffected
- Confirmed normal XPS rendering, clipboard, and undo operations continue to work

## Risk

**Low.** The changes enforce the...
This PR addresses multiple MSRC-reported security vulnerabilities in WPF's native rendering pipeline by adding bounds checks and overflow protection to prevent out-of-bounds writes and heap corruption.

## Changes

### 1. Pixel Shader bytecode validation

**File:** `WpfGfx/core/fxjit/PixelShader/pstrans.cpp`

- Reject excessively large shader bytecode (> 1MB) to prevent integer overflow in allocation calculations
- Validate sampler register numbers against `PSTR_MAX_TEXTURE_SAMPLERS` before array indexing
- Validate input register numbers against `PSTR_MAX_NUMINPUTREG` before use
- Validate texture register numbers against `PSTR_MAX_NUMTEXTUREREG` before use
- Cap source parameter count at `PSTR_MAX_NUMSRCPARAMS` to prevent OOB writes
- Validate sampler stage index before use in texture lookup paths
- Gracefully fail with `E_FAIL` instead of corrupting heap memory

### 2. GuidelineCollection heap overflow fix

**File:** `WpfGfx/core/common/guidelinecollection.cpp`

- Add safe integer multiplication (`UIntMult`/`UIntAdd`) for allocation size calculation in `CSnappingFrame::PushFrame`
- Prevents heap corruption when `uCountX + uCountY` would cause `sizeof(float) * uCount * 2` to overflow

### 3. System.Printing gradient band overflow fix

**File:** `System.Printing/CPP/src/GDIExporter/gdirt.cpp`

- Cap gradient group range to 10,000 in `FillLinearGradient` to prevent integer overflow in band/vertex/index calculations
- Returns `E_NOTIMPL` for excessively large gradient ranges

## Opt-out Switches

All fixes are gated behind AppContext switches for servicing safety:

## Testing

- Validated with crafted malicious pixel shader bytecode PoCs that previously caused OOB heap writes
- Verified that well-formed shaders and documents continue to render correctly
- Confirmed opt-out switches disable the checks when set

## Risk

**Low.** All changes add early-exit validation before existing code paths. No behavioral change for valid inputs. 


----
#### AI description  (iteration 1)
#### PR Classification
Security bug fix adding bounds checking and validation to prevent integer overflow vulnerabilities in WPF pixel shader and printing components.

#### PR Summary
This PR implements comprehensive bounds checking and validation to protect against buffer overflows and integer overflow attacks in WPF's pixel shader processing and printing subsystems. The changes introduce AppContext switches that allow disabling these protections for compatibility, with protections enabled by default.

- `pstrans.cpp`: Added validation for bytecode size limits (max 1MB), source parameter counts, register numbers (sampler, input, texture), and DCL token counts to prevent buffer overflows in pixel shader processing
- `guidelinecollection.cpp`: Added integer overflow protection when calculating allocation sizes for snapping frame float data arrays
- `PrintingSwitches.h` and `WpfGfxSwitches.h` (new files): Introduced AppContext switches `Switch.MS.Internal.Printing.DisablePrintingB...
…ernal/release/9.0

Resolves mirror conflict for branch release/9.0 (GitHub → AzDO internal).
Ref: #11711

----
#### AI description  (iteration 1)
#### PR Classification
Dependency version update to resolve mirror conflicts by merging release/9.0 into internal/release/9.0.

#### PR Summary
This pull request updates all product dependencies from version 9.0.16 to 9.0.17, synchronizing with the latest dotnet-winforms and dotnet-runtime servicing releases.

- `/eng/Version.Details.xml`: Updated Microsoft.Private.Winforms and related dependencies from version 9.0.16-servicing.26230.2 to 9.0.17-servicing.26265.1 with new SHA commits
- `/eng/Version.Details.xml`: Updated all dotnet-runtime coherent dependencies (System.Reflection.MetadataLoadContext, System.Windows.Extensions, etc.) from version 9.0.16 to 9.0.17
- `/eng/Version.Details.xml`: Updated System.Drawing.Common from version 9.0.16 to 9.0.17
<!-- GitOpsUserAgent=GitOps.Apps.Server.pullrequestcopilot -->
@dotnet-bot
dotnet-bot requested a review from a team July 14, 2026 20:18
@dotnet-policy-service dotnet-policy-service Bot added the PR metadata: Label to tag PRs, to facilitate with triage label Jul 14, 2026

@himgoyalmicro himgoyalmicro left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

PR metadata: Label to tag PRs, to facilitate with triage

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants