Fixing deserialization security issue (non-issue) (#1059)

Fixing deserialiation security issue (non-issue) Co-authored-by: Dmitry Vasilevsky <dmitryv@microsoft.com>
2022-07-19 10:12:36 -07:00 · 2022-07-19 10:12:36 -07:00 · 84f81d6f72
--- a/src/Simulation/QCTraceSimulator/Utils.cs
+++ b/src/Simulation/QCTraceSimulator/Utils.cs
@ -120,9 +120,11 @@ namespace Microsoft.Quantum.Simulation.QCTraceSimulatorRuntime
                stream.Position = 0;
                // Deserialize the graph into a new set of objects and
                // return the root of the graph (deep copy) to the caller
-                T res = formatter.Deserialize(stream) as T;
-                Debug.Assert(res != null);
-                return res;
+                object res = formatter.Deserialize(stream);
+                if (res.GetType() != typeof(T)) {
+                    throw new ApplicationException("Deserialization failed while copying an object.");
+                }
+                return (T)res;
            }
        }