System.Security.Claims .ClaimsIdentity.WriteTo() has a bug

Getting “cannot read past the end of the stream” when trying to use System.Security.ClaimsIdentity.WriteTo() to store a claims identity. Disassembled it:

// System.Security.Claims.ClaimsIdentity
protected virtual void WriteTo(BinaryWriter writer, byte[] userData)
{
	if (writer == null)
	{
		throw new ArgumentNullException("writer");
	}
	int num = 0;
	ClaimsIdentity.SerializationMask serializationMask = ClaimsIdentity.SerializationMask.None;
        ... get flags here...
	writer.Write((int)serializationMask);
	writer.Write(num);
	if ((serializationMask & ClaimsIdentity.SerializationMask.AuthenticationType) == ClaimsIdentity.SerializationMask.AuthenticationType)
	{
		writer.Write(this.m_authenticationType);
	}
        ...
	if ((serializationMask & ClaimsIdentity.SerializationMask.HasClaims) == ClaimsIdentity.SerializationMask.HasClaims)
	{
		writer.Write(this.m_instanceClaims.Count);
		using (List<Claim>.Enumerator enumerator = this.m_instanceClaims.GetEnumerator())
		{
			while (enumerator.MoveNext())
			{
				enumerator.Current.WriteTo(writer);
			}
		}
	}
        ...
	writer.Flush();
}

It writes the flags, then the number of fields, then some of the other values, then the number of claims, then the claims, then some more fields.

On the other hand, the constructor doesn’t read the number of fields, just starts reading the fields (but not Label) and then the claims, and then doesn’t read the rest of the fields.

// System.Security.Claims.ClaimsIdentity
private void Initialize(BinaryReader reader)
{
	if (reader == null)
	{
		throw new ArgumentNullException("reader");
	}
	int expr_14 = reader.ReadInt32();
	if ((expr_14 & 1) == 1)
	{
		this.m_authenticationType = reader.ReadString();
	}
	if ((expr_14 & 2) == 2)
	{
		this.m_bootstrapContext = reader.ReadString();
	}
	if ((expr_14 & 4) == 4)
	{
		this.m_nameType = reader.ReadString();
	}
	else
	{
		this.m_nameType = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name";
	}
	if ((expr_14 & 8) == 8)
	{
		this.m_roleType = reader.ReadString();
	}
	else
	{
		this.m_roleType = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role";
	}
	if ((expr_14 & 16) == 16)
	{
		int num = reader.ReadInt32();
		for (int i = 0; i < num; i++)
		{
			Claim item = new Claim(reader, this);
			this.m_instanceClaims.Add(item);
		}
	}
}

IronMeta 4.0 Released

I have released version 4.0 of the IronMeta parser generator.

This release contains some refactoring for VS2015, and no longer tries to install the VS extension; instead, the extension is available in the VS Gallery.

The IronMeta parser generator provides a programming language and application for generating pattern matchers on arbitrary streams of objects. It is an implementation of Alessandro Warth’s OMeta system in C#.

Work, life

Due to an unforseen family medical situation, the founder of the startup I have been working for has been forced to put the business on hold.

So I am looking for opportunities, as they say. I have a wealth of experience in software development, from NLP, video games, full-stack desktop and web development, to compiler technology and virtual reality. I am voraciously curious and thrive on innovation, research and experimentation.

My resume is at LinkedIn.

The World Wide Web Software Stack: Threat or Menace?

James Mickens, in what he unfortunately says will be the last of his extraordinarily wonderful articles for Usenix, sums up the tentacled cthonic horror that is the software that underlies the World Wide Web:

People think that Web browsers are elegant computation platforms, and Web pages are light, fluffy things that you can edit in Notepad as you trade ironic comments with your friends in the coffee shop. Nothing could be further from the truth. A modern Web page is a catastrophe. It’s like a scene from one of those apocalyptic medieval paintings that depicts what would happen if Galactus arrived: people are tumbling into fiery crevasses and lamenting various lamentable things and hanging from playground equipment that would not pass OSHA safety checks.

(Title stolen from Rod Martens)