Merging internal commits for release/9.0#11786
Open
dotnet-bot wants to merge 13 commits into
Open
Conversation
…ernal/release/9.0 Resolves mirror conflict for branch release/8.0 (GitHub → AzDO internal). Ref: #11667 ---- #### AI description (iteration 1) #### PR Classification Dependency update and version bump to resolve mirror conflicts between release branches. #### PR Summary This pull request merges dependency updates and version changes from the release/9.0 branch into internal/release/9.0, updating toolset dependencies and the patch version number. - `eng/Version.Details.xml`: Updated Microsoft.DotNet.Arcade.Sdk, Microsoft.DotNet.CodeAnalysis, Microsoft.DotNet.Helix.Sdk, and Microsoft.DotNet.GenAPI from version 9.0.0-beta.26261.1 to 9.0.0-beta.26301.4 - `eng/Version.Details.xml`: Updated Microsoft.DotNet.Wpf.DncEng from version 9.0.0-rtm.26227.1 to 9.0.0-rtm.26277.2 - `eng/Versions.props`: Incremented PatchVersion from 17 to 18 - `NuGet.config`: Removed temporary package sources for dotnet-runtime and dotnet-winforms <!-- GitOpsUserAgent=GitOps.Apps.Server.pullrequestcopilot -->
…formatting, removed merge conflict artifact Updated NuGet.config - fixed formatting, removed merge conflict artifact
This PR addresses multiple vulnerabilities where WPF's restrictive/unsafe XAML loading path could be bypassed, allowing attacker-controlled XAML to instantiate dangerous types (e.g., `ObjectDataProvider` → `Process.Start`) and achieve Remote Code Execution.
## Changes
### 1. Async XamlReader.LoadAsync taint propagation fix
**File:** `System/Windows/Markup/XamlReader.cs`
The synchronous `WpfXamlLoader` propagates `IsUnsafe = true` to nested-load-capable objects (`ResourceDictionary`, `Frame`, `NavigationWindow`) when loaded under `RestrictiveXamlXmlReader`. The asynchronous `LoadAsync` path was missing this propagation, allowing a first-stage async-loaded `ResourceDictionary` to load second-stage unrestricted XAML via its `Source` property.
**Fix:** Add the same taint propagation in `LoadAsync`'s `AfterBeginInitHandler`:
```csharp
if (_textReader is RestrictiveXamlXmlReader && args != null)
{
if (args.Instance is ResourceDictionary rd)
rd.IsUnsafe = true;
else if (args.Instance is Frame frame)
frame.NavigationService.IsUnsafe = true;
else if (args.Instance is NavigationWindow nw)
nw.NavigationService.IsUnsafe = true;
}
```
### 2. FixedPage NavigateUri → NavigationService unsafe taint
**File:** `System/Windows/Navigation/NavigationService.cs`
When navigation originates from a FixedPage element (Path, Canvas, Glyphs, or FixedPage) carrying `FixedPage.NavigateUri`, the target content could be attacker-controlled XAML within an XPS package. The `NavigationService` was not marked as unsafe in this path, allowing the XAML loader to process the content without restrictions.
**Fix:** Detect FixedPage-origin navigation in `OnRequestNavigate` and set `IsUnsafe = true` before the navigation proceeds.
### 3. XAML deserialization bypass in Undo and Clipboard paths
**Files:**
- `MS/Internal/Ink/ClipboardProcessor.cs`
- `System/Windows/Documents/TextTreeDeleteContentUndoUnit.cs`
Both the clipboard paste (InkCanvas) and text undo code paths call `XamlReader.Load` to deserialize stored XAML without the restrictive reader. An attacker who can influence clipboard content or trigger undo of crafted content could instantiate arbitrary types.
**Fix:** Pass `useRestrictiveXamlReader: true` to `XamlReader.Load` in both paths.
## Attack Scenarios Addressed
| Vector | Before | After |
|--------|--------|-------|
| XPS document with Frame → async ResourceDictionary → ObjectDataProvider | RCE | Blocked by restrictive reader |
| XPS FixedPage NavigateUri → attacker XAML part | RCE | Blocked (NavigationService marked unsafe) |
| Clipboard/Undo XAML deserialization with gadget types | RCE | Blocked by restrictive reader |
## Testing
- Validated with PoC: XPS package exploiting async taint gap on .NET 10(previously vulnerable) now blocks payload
- Verified synchronous restrictive path remains unaffected
- Confirmed normal XPS rendering, clipboard, and undo operations continue to work
## Risk
**Low.** The changes enforce the...
This PR addresses multiple MSRC-reported security vulnerabilities in WPF's native rendering pipeline by adding bounds checks and overflow protection to prevent out-of-bounds writes and heap corruption. ## Changes ### 1. Pixel Shader bytecode validation **File:** `WpfGfx/core/fxjit/PixelShader/pstrans.cpp` - Reject excessively large shader bytecode (> 1MB) to prevent integer overflow in allocation calculations - Validate sampler register numbers against `PSTR_MAX_TEXTURE_SAMPLERS` before array indexing - Validate input register numbers against `PSTR_MAX_NUMINPUTREG` before use - Validate texture register numbers against `PSTR_MAX_NUMTEXTUREREG` before use - Cap source parameter count at `PSTR_MAX_NUMSRCPARAMS` to prevent OOB writes - Validate sampler stage index before use in texture lookup paths - Gracefully fail with `E_FAIL` instead of corrupting heap memory ### 2. GuidelineCollection heap overflow fix **File:** `WpfGfx/core/common/guidelinecollection.cpp` - Add safe integer multiplication (`UIntMult`/`UIntAdd`) for allocation size calculation in `CSnappingFrame::PushFrame` - Prevents heap corruption when `uCountX + uCountY` would cause `sizeof(float) * uCount * 2` to overflow ### 3. System.Printing gradient band overflow fix **File:** `System.Printing/CPP/src/GDIExporter/gdirt.cpp` - Cap gradient group range to 10,000 in `FillLinearGradient` to prevent integer overflow in band/vertex/index calculations - Returns `E_NOTIMPL` for excessively large gradient ranges ## Opt-out Switches All fixes are gated behind AppContext switches for servicing safety: ## Testing - Validated with crafted malicious pixel shader bytecode PoCs that previously caused OOB heap writes - Verified that well-formed shaders and documents continue to render correctly - Confirmed opt-out switches disable the checks when set ## Risk **Low.** All changes add early-exit validation before existing code paths. No behavioral change for valid inputs. ---- #### AI description (iteration 1) #### PR Classification Security bug fix adding bounds checking and validation to prevent integer overflow vulnerabilities in WPF pixel shader and printing components. #### PR Summary This PR implements comprehensive bounds checking and validation to protect against buffer overflows and integer overflow attacks in WPF's pixel shader processing and printing subsystems. The changes introduce AppContext switches that allow disabling these protections for compatibility, with protections enabled by default. - `pstrans.cpp`: Added validation for bytecode size limits (max 1MB), source parameter counts, register numbers (sampler, input, texture), and DCL token counts to prevent buffer overflows in pixel shader processing - `guidelinecollection.cpp`: Added integer overflow protection when calculating allocation sizes for snapping frame float data arrays - `PrintingSwitches.h` and `WpfGfxSwitches.h` (new files): Introduced AppContext switches `Switch.MS.Internal.Printing.DisablePrintingB...
…ernal/release/9.0 Resolves mirror conflict for branch release/9.0 (GitHub → AzDO internal). Ref: #11711 ---- #### AI description (iteration 1) #### PR Classification Dependency version update to resolve mirror conflicts by merging release/9.0 into internal/release/9.0. #### PR Summary This pull request updates all product dependencies from version 9.0.16 to 9.0.17, synchronizing with the latest dotnet-winforms and dotnet-runtime servicing releases. - `/eng/Version.Details.xml`: Updated Microsoft.Private.Winforms and related dependencies from version 9.0.16-servicing.26230.2 to 9.0.17-servicing.26265.1 with new SHA commits - `/eng/Version.Details.xml`: Updated all dotnet-runtime coherent dependencies (System.Reflection.MetadataLoadContext, System.Windows.Extensions, etc.) from version 9.0.16 to 9.0.17 - `/eng/Version.Details.xml`: Updated System.Drawing.Common from version 9.0.16 to 9.0.17 <!-- GitOpsUserAgent=GitOps.Apps.Server.pullrequestcopilot -->
…-merge-9.0-2026-07-14-2018
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Microsoft Reviewers: Open in CodeFlow