Can string concatenation be corrupted or confusing with insecure C # code?

Question

Can string concatenation be corrupted or confusing with insecure C # code?

If I manage the C # managed string in place (for example, canceled its characters) using pointers in a block or unsafe method, can this unsafe implementation confuse or ruin .NET pool pooling mechanisms?

The proposed managed string is created in managed code and passed to an unsafe method that needs to be manipulated.

An example of this scenario:

 static void Main(string[] args) { string s = "this is a test"; UnsafeReverse(s); Console.WriteLine(s); // displays "tset a si siht" // assume more managed strings are created and used along with the affected s. } static unsafe void UnsafeReverse(string str) { int len = str.Length; fixed (char* pStr = str) { char* p1 = pStr; char* p2 = pStr + len - 1; char tmp; while (p1 < p2) { tmp = *p1; *p1 = *p2; *p2 = tmp; ++p1; --p2; } } }

+4

string c # clr unsafe

John k May 23 '13 at 1:00

source share

1 answer

Hans passant · Accepted Answer · 2013-05-23T01:10:50+0000

Sure. Just write this to see the damage:

  static readonly string DontMessWithStrings = "this is a test"; static void Main(string[] args) { string s = "this is a test"; UnsafeReverse(s); Console.WriteLine(DontMessWithStrings); }

[Edit by OP] The result of the DontMessWithStrings display is "tset a si siht" , although this variable is never directly affected by the string manipulation code!

Can string concatenation be corrupted or confusing with insecure C # code?

More articles: