You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@commons.apache.org by "Gary D. Gregory (Jira)" <ji...@apache.org> on 2023/06/17 18:17:00 UTC

[jira] [Resolved] (BCEL-310) ArrayIndexOutOfBounds in Verifier Pass 3A

     [ https://issues.apache.org/jira/browse/BCEL-310?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Gary D. Gregory resolved BCEL-310.
----------------------------------
    Fix Version/s: 6.8.0
       Resolution: Fixed

> ArrayIndexOutOfBounds in Verifier Pass 3A
> -----------------------------------------
>
>                 Key: BCEL-310
>                 URL: https://issues.apache.org/jira/browse/BCEL-310
>             Project: Commons BCEL
>          Issue Type: Bug
>          Components: Verifier
>    Affects Versions: 6.2
>            Reporter: Rohan Padhye
>            Priority: Major
>             Fix For: 6.8.0
>
>         Attachments: Hello.class
>
>
> Verifier throws OOB on malformed input instead of reporting verification failure.
> h1. Steps to reproduce:
>  
> Save the attached file as "Hello.class" and run:
> java -cp <classpath> org.apache.bcel.verifier.Verifier Hello
>  
> The file Hello.class was generated automatically by the fuzzer JQF ([https://github.com/rohanpadhye/jqf]).
> h2. Expected output:
> VERIFIED_REJECTED
> h2. Observed output:
> JustIce by Enver Haase, (C) 2001-2002.
> <http://bcel.sourceforge.net>
> <http://commons.apache.org/bcel>
>  
> Now verifying: Hello
>  
> Pass 1:
> VERIFIED_OK
> Passed verification.
>  
> Pass 2:
> VERIFIED_OK
> Passed verification.
>  
> Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: -73
>  at org.apache.bcel.Const.getTypeName(Const.java:1799)
>  at org.apache.bcel.generic.NEWARRAY.toString(NEWARRAY.java:90)
>  at org.apache.bcel.generic.Instruction.toString(Instruction.java:101)
>  at java.lang.String.valueOf(String.java:2994)
>  at java.lang.StringBuilder.append(StringBuilder.java:131)
>  at org.apache.bcel.verifier.statics.Pass3aVerifier$InstOperandConstraintVisitor.constraintViolated(Pass3aVerifier.java:499)
>  at org.apache.bcel.verifier.statics.Pass3aVerifier$InstOperandConstraintVisitor.visitNEWARRAY(Pass3aVerifier.java:835)
>  at org.apache.bcel.generic.NEWARRAY.accept(NEWARRAY.java:125)
>  at org.apache.bcel.generic.InstructionHandle.accept(InstructionHandle.java:302)
>  at org.apache.bcel.verifier.statics.Pass3aVerifier.pass3StaticInstructionOperandsChecks(Pass3aVerifier.java:443)
>  at org.apache.bcel.verifier.statics.Pass3aVerifier.do_verify(Pass3aVerifier.java:208)
>  at org.apache.bcel.verifier.PassVerifier.verify(PassVerifier.java:71)
>  at org.apache.bcel.verifier.Verifier.doPass3a(Verifier.java:8



--
This message was sent by Atlassian Jira
(v8.20.10#820010)