Bug in "Control-Flow-Obfuscation" of "Strictly valid" level

jackjoy

Version : 6.8.0.121

original source code:

/// <summary>
        /// Converts a value to a Float
        /// </summary>
        private static float ToFloat(object value, TypeInfo sourceType)
        {            
            // handle for supported conversions.
            switch (sourceType.BuiltInType)
            {
                case BuiltInType.Float:
                {
                    return (float)value; 
                }
                    
                case BuiltInType.Boolean: return Convert.ToSingle((bool)value);
                case BuiltInType.SByte:   return Convert.ToSingle((sbyte)value);
                case BuiltInType.Byte:    return Convert.ToSingle((byte)value);
                case BuiltInType.Int16:   return Convert.ToSingle((short)value);
                case BuiltInType.UInt16:  return Convert.ToSingle((ushort)value);
                case BuiltInType.Int32:   return Convert.ToSingle((int)value);
                case BuiltInType.UInt32:  return Convert.ToSingle((uint)value);
                case BuiltInType.Int64:   return Convert.ToSingle((long)value);
                case BuiltInType.UInt64:  return Convert.ToSingle((ulong)value);
                case BuiltInType.Double:  return Convert.ToSingle((double)value);

                case BuiltInType.String:
                {
                    return XmlConvert.ToSingle((string)value); 
                }
            }
            
            // conversion not supported.
            throw new InvalidCastException();
        }        

result code:(ILSPY)

// Opc.Ua.TypeInfo
private static float (object , TypeInfo )
{
	BuiltInType expr_01 = .BuiltInType;
	BuiltInType builtInType;
	if (2 != 0)
	{
		builtInType = expr_01;
	}
	float arg_B3_0;
	switch (builtInType)
	{
	case BuiltInType.Boolean:
		return Convert.ToSingle((bool));
	case BuiltInType.SByte:
		return Convert.ToSingle((sbyte));
	case BuiltInType.Byte:
		return Convert.ToSingle((byte));
	case BuiltInType.Int16:
		return Convert.ToSingle((short));
	case BuiltInType.UInt16:
	{
		float expr_87 = arg_B3_0 = Convert.ToSingle((ushort));
		if (8 != 0)
		{
			return expr_87;
		}
		break;
	}
	case BuiltInType.Int32:
		return Convert.ToSingle((int));
	case BuiltInType.UInt32:
		return Convert.ToSingle((uint));
	case BuiltInType.Int64:
		arg_B3_0 = Convert.ToSingle((long));
		break;
	case BuiltInType.UInt64:
		return Convert.ToSingle((ulong));
	case BuiltInType.Float:
		return (float);
	case BuiltInType.Double:
		return Convert.ToSingle((double));
	case BuiltInType.String:
		return XmlConvert.ToSingle((string));
	default:
		throw new InvalidCastException();
	}
	return arg_B3_0;
}

when call with the following(the argument '123' can be replaced with any number):

var a = xxx.ToFloat((UInt16)123,BuiltInType.Float);

Always return 0.0 with any input argument.

It seems the added obfuscation code has bugs related il instructions order.

Chris.Allen

Thanks for letting us know. I have created an internal bug reference for this.