Posted to commits@commons.apache.org by ma...@apache.org on 2022/12/06 12:25:46 UTC
[commons-bcel] branch master updated: Avoid NPE and return more useful ClassFormatException
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/commons-bcel.git
The following commit(s) were added to refs/heads/master by this push:
new 50afad50 Avoid NPE and return more useful ClassFormatException
50afad50 is described below
commit 50afad507710b27c31aa192abc9ba026b663935c
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue Dec 6 12:25:39 2022 +0000
Avoid NPE and return more useful ClassFormatException
---
src/changes/changes.xml | 6 ++++++
src/main/java/org/apache/bcel/classfile/ConstantPool.java | 2 +-
src/test/java/org/apache/bcel/OssFuzzTestCase.java | 5 +++++
src/test/resources/ossfuzz/issue53676/Test.class | Bin 0 -> 26 bytes
4 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/src/changes/changes.xml b/src/changes/changes.xml
index 963c90b6..5a2afe36 100644
--- a/src/changes/changes.xml
+++ b/src/changes/changes.xml
@@ -62,6 +62,12 @@ The <action> type attribute can be add,update,fix,remove.
-->
<body>
+ <release version="6.7.1" date="TBD" description="Maintenance and bug fix release.">
+ <!-- ADD -->
+ <!-- FIX -->
+ <action type="fix" dev="markt" due-to="OSS-Fuzz">When parsing an class with an invalid constant reference, ensure ClassParser.parse() throws ClassFormatException, not NullPointerException.</action>
+ <!-- UPDATE -->
+ </release>
<release version="6.7.0" date="2022-11-28" description="Maintenance and bug fix release.">
<!-- ADD -->
<action type="add" dev="ggregory" due-to="Gary Gregory">Add org.apache.bcel.classfile.ClassFormatException.ClassFormatException(Throwable).</action>
diff --git a/src/main/java/org/apache/bcel/classfile/ConstantPool.java b/src/main/java/org/apache/bcel/classfile/ConstantPool.java
index 2ccabe01..b88ef0db 100644
--- a/src/main/java/org/apache/bcel/classfile/ConstantPool.java
+++ b/src/main/java/org/apache/bcel/classfile/ConstantPool.java
@@ -282,7 +282,7 @@ public class ConstantPool implements Cloneable, Node, Iterable<Constant> {
*/
public <T extends Constant> T getConstant(final int index, final byte tag, final Class<T> castTo) throws ClassFormatException {
final T c = getConstant(index);
- if (c.getTag() != tag) {
+ if (c == null || c.getTag() != tag) {
throw new ClassFormatException("Expected class '" + Const.getConstantName(tag) + "' at index " + index + " and got " + c);
}
return c;
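Review bot: The null case now shares the tag-mismatch message in `getConstant(index, tag, castTo)`, so a reference to a missing constant is reported as "Expected class '…' at index N and got null", which reads like a type error rather than an absent entry. This path is reached while parsing class files that may be malformed or hostile, so a distinct message helps triage; ahead of the tag check, add `if (c == null) { throw new ClassFormatException("No constant at index " + index + ", expected '" + Const.getConstantName(tag) + "'"); }`. A short comment such as `// getConstant(index) can return null; report it as a format error instead of dereferencing` would also record why the guard exists. The method's Javadoc starts above the hunk, and any sibling overloads that dereference the result of `getConstant(index)` are not visible here and may deserve the same guard.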
diff --git a/src/test/java/org/apache/bcel/OssFuzzTestCase.java b/src/test/java/org/apache/bcel/OssFuzzTestCase.java
index ed012989..548a0110 100644
--- a/src/test/java/org/apache/bcel/OssFuzzTestCase.java
+++ b/src/test/java/org/apache/bcel/OssFuzzTestCase.java
@@ -61,6 +61,11 @@ public class OssFuzzTestCase {
testOssFuzzReproducer("53620");
}
+ @Test
+ public void testIssue53676() throws Exception {
+ testOssFuzzReproducer("53676");
+ }
+
private void testOssFuzzReproducer(final String issue) throws Exception {
final File reproducerFile = new File("target/test-classes/ossfuzz/issue" + issue + "/Test.class");
try (final FileInputStream reproducerInputStream = new FileInputStream(reproducerFile)) {
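Review bot: `testIssue53676` does not show what outcome it pins, because it only delegates to `testOssFuzzReproducer`, whose body continues past the end of this hunk. It is therefore not visible whether the helper asserts `ClassFormatException` specifically or tolerates any exception. A one-line comment above the test would document the regression, for example `// OSS-Fuzz 53676: invalid constant reference must raise ClassFormatException, not NullPointerException`. If the helper does not already reject other exception types, that assertion is worth confirming there.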
diff --git a/src/test/resources/ossfuzz/issue53676/Test.class b/src/test/resources/ossfuzz/issue53676/Test.class
new file mode 100644
index 00000000..c0ca8577
Binary files /dev/null and b/src/test/resources/ossfuzz/issue53676/Test.class differ