XmlTextReader.Read throws ArgumentNullException

[Metalnem]

DataContractSerializer.ReadObject sometimes throws ArgumentNullException. Here's the full program that reproduces this:

using System.IO;
using System.Runtime.Serialization;
using System.Text;

namespace CoreFX.Fuzz
{
  public class Program
  {
    [DataContract]
    private class Obj { }

    public static void Main(string[] args)
    {
      var xml = @"<Program.Obj xmlns=""http://schemas.datacontract.org/2004/07/CoreFX.Fuzz""><s:";
      var bytes = Encoding.UTF8.GetBytes(xml);
      var stream = new MemoryStream(bytes);
      var serializer = new DataContractSerializer(typeof(Obj));

      serializer.ReadObject(stream);
    }
  }
}

The stack trace:

Exception has occurred: CLR/System.ArgumentNullException
An unhandled exception of type 'System.ArgumentNullException' occurred in System.Private.Xml.dll: 'The empty string '' is not a valid local name.'
   at System.Xml.XmlConvert.VerifyNCName(String name, ExceptionType exceptionType)
   at System.Xml.XmlConvert.VerifyNCName(String name)
   at System.Xml.XmlUTF8TextReader.VerifyNCName(String s)
   at System.Xml.XmlUTF8TextReader.ReadQualifiedName(PrefixHandle prefix, StringHandle localName)
   at System.Xml.XmlUTF8TextReader.ReadStartElement()
   at System.Xml.XmlUTF8TextReader.Read()
   at System.Runtime.Serialization.XmlReaderDelegator.Read()
   at System.Runtime.Serialization.ClassDataContract.ReadXmlValue(XmlReaderDelegator xmlReader, XmlObjectSerializerReadContext context)
   at System.Runtime.Serialization.XmlObjectSerializerReadContext.ReadDataContractValue(DataContract dataContract, XmlReaderDelegator reader)
   at System.Runtime.Serialization.XmlObjectSerializerReadContext.InternalDeserialize(XmlReaderDelegator reader, String name, String ns, DataContract& dataContract)
   at System.Runtime.Serialization.XmlObjectSerializerReadContext.InternalDeserialize(XmlReaderDelegator xmlReader, Type declaredType, DataContract dataContract, String name, String ns)
   at System.Runtime.Serialization.DataContractSerializer.InternalReadObject(XmlReaderDelegator xmlReader, Boolean verifyObjectName, DataContractResolver dataContractResolver)
   at System.Runtime.Serialization.XmlObjectSerializer.ReadObjectHandleExceptions(XmlReaderDelegator reader, Boolean verifyObjectName, DataContractResolver dataContractResolver)
   at System.Runtime.Serialization.XmlObjectSerializer.ReadObject(XmlDictionaryReader reader)
   at System.Runtime.Serialization.XmlObjectSerializer.ReadObject(Stream stream)

The environment:

.NET Core SDK (reflecting any global.json):
 Version:   2.2.103
 Commit:    8edbc2570a

Runtime Environment:
 OS Name:     Mac OS X
 OS Version:  10.14
 OS Platform: Darwin
 RID:         osx.10.14-x64
 Base Path:   /usr/local/share/dotnet/sdk/2.2.103/

Found via SharpFuzz.

[danmoseley]

Questionable choice of exception for XML to throw on malformed XML.

[danmoseley]

This type is actually internal to DCS.

[Lxiamail]

We should throw a different exception other than ArgumentNullException. However, due to the issue is not reported by real world scenario, this is lower priority issue.

[StephenBonikowsky]

Simple fix, low priority scenario.
@imcarolwang Could you add this as something for your team to try fixing.

[HongGit]

@imcarolwang is this still on your radar?